Secure permissioning of access to user accounts, including secure deauthorization of access to user accounts

ABSTRACT

A permissions management system is disclosed for enabling a user to securely authorize a third-party system to access user account data and initiate transactions related to a user account, without disclosing to the third-party system account credentials. The system enables the user to also securely de-authorize the third-party system. For example, records may be automatically generated that securely store account information, including one or more permissions related to the account and/or the third-party. A token associated with a record may be shared with the third-party system, but neither the record itself, nor the user account credentials, may be shared with the third-party. Accordingly, the third-party may request user account data and/or initiate transactions by providing the token, but does not itself know, e.g., the user account credentials. Further, the user may set various permissions related to the token, and may also revoke the token (e.g., de-authorize the third-party), thus providing increased security to the user&#39;s account.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims benefit of U.S. Provisional Patent ApplicationNo. 62/215,603, filed Sep. 8, 2015, and titled “LINK,” and U.S.Provisional Patent Application No. 62/267,508, filed Dec. 15, 2015, andtitled “SECURE PERMISSIONING OF ACCESS TO USER ACCOUNTS, INCLUDINGSECURE DEAUTHORIZATION OF ACCESS TO USER ACCOUNTS.” The entiredisclosure of each of the above items is hereby made part of thisspecification as if set forth fully herein and incorporated by referencefor all purposes, for all that it contains.

This application is also related to U.S. patent application Ser. No.15/258,256, filed on Sep. 7, 2016, and titled “SECURE PERMISSIONING OFACCESS TO USER ACCOUNTS, INCLUDING SECURE DEAUTHORIZATION OF ACCESS TOUSER ACCOUNTS.” The entire disclosure of each of the above items ishereby made part of this specification as if set forth fully herein andincorporated by reference for all purposes, for all that it contains.

Any and all applications for which a foreign or domestic priority claimis identified in the Application Data Sheet as filed with the presentapplication are hereby incorporated by reference under 37 CFR 1.57 forall purposes and for all that they contain.

TECHNICAL FIELD

Embodiments of present disclosure relate to systems and techniques forsecure permissioning of user account data. More specifically,embodiments of the present disclosure relate to securely accessing useraccount information via proprietary APIs, securely authorizing useraccount transactions, and securely de-authorizing user accounttransactions.

BACKGROUND

The approaches described in this section are approaches that could bepursued, but not necessarily approaches that have been previouslyconceived or pursued. Therefore, unless otherwise indicated, it shouldnot be assumed that any of the approaches described in this sectionqualify as prior art merely by virtue of their inclusion in thissection.

Users may grant access to their user accounts by providing credentialsrelated to those accounts. However, once such credentials are shared, inmany cases they may not be securely revoked. For example, once anaccount number is shared with a service provider, that account numbercannot then be robustly retracted from the knowledge of that serviceprovider.

SUMMARY

The systems, methods, and devices described herein each have severalaspects, no single one of which is solely responsible for its desirableattributes. Without limiting the scope of this disclosure, severalnon-limiting features will now be described briefly.

Embodiments of the present disclosure relate to systems and techniquesfor securely and efficiently obtaining user account data viainstantiation of virtualized or simulated instances of first-partysoftware applications. For example, the systems of the presentdisclosure include generation of proxy, virtualized, or simulatedinstances of software applications that are configured to interface withexternal systems via public or non-public (e.g., proprietary)application programming interfaces (APIs). The virtualized or simulatedinstances of the software applications may be authenticated with theexternal systems as if the virtualized/simulated instances are actuallyfirst-party software applications executing on a user computing device.Via the public/non-public APIs user account information may be obtainedand processed, such that the data may be normalized and provided toother software systems via a normalized API of the system. Accordingly,the systems of the present disclosure may be significantly moreefficient at obtaining user account data from external systems thanprevious techniques. Further, the user account data may be normalizedand requested and/or provided via a normalized API, enabling others toefficiently access such data (originally obtained from multiple externalsystems) from a single standardized interface in a highly efficientmanner.

Embodiments of the present disclosure also relate to systems (e.g., apermissions management system) and techniques for enabling a user tosecurely authorize a third-party system to initiate transactions relatedto an account, without disclosing to the third-party system the accountcredentials (e.g., an identity of the account). Such transactions mayinclude, for example, initiating an electronic payment, or the like.Further, the systems and techniques of the present disclosure may enablethe user to securely de-authorize the third-party system from initiatingtransactions related to the account. The disclosure includes, in someembodiments, automatic generation of electronic records that securelystore account information. In some implementations the electronicrecords may include one or more permissions related to the account andthe third-party. A token (e.g., a unique identifier associated with theelectronic record, also referred to herein as a “unique recordidentifier”) may be shared with the third-party system, but in someimplementations neither the electronic record itself, nor the useraccount credentials, may be shared with the third-party. Accordingly,the third-party (e.g., a merchant system or a software applicationdeveloped by a developer) may request user account data and/or initiatetransactions by providing the token, but does not itself know, e.g.,account number, etc. Further, in some implementations the user may setvarious permissions related to the token/electronic record, and may alsorevoke permissions associated with the token/electronic record (e.g.,de-authorize the third-party), thus providing increased security to theuser's account. The disclosure further includes various interactive userinterfaces to facilitate the above-described functionality.

In various embodiments, large amounts of data are automatically anddynamically retrieved and processed in response to applicationprogramming interface (API) requests and other user inputs, and theretrieved data is efficiently and compactly accessible to a customer oruser also via normalized API responses from the system. The data isretrieved in an efficient way via instantiation of virtualized/simulatedinstances of mobile applications, for example. Thus, in someembodiments, the API interfaces described herein are more efficient ascompared to previous interfaces in which data is not normalized andcompactly and efficiently provided to the customer user in response tosuch requests. Advantageously, using the system, the customer or usermay access data from multiple disparate data sources (e.g., data stores)and/or systems, each of which may use a proprietary interface, in astandardized way.

Further, as described herein, the system may be configured and/ordesigned to generate user interface data useable for rendering thevarious interactive user interfaces described. The user interface datamay be used by the system, and/or another computer system, device,and/or software program (for example, a browser program), to render theinteractive user interfaces. The interactive user interfaces may bedisplayed on, for example, electronic displays (including, for example,touch-enabled displays).

Additionally, it has been noted that design of computer user interfaces“that are useable and easily learned by humans is a non-trivial problemfor software developers.” (Dillon, A. (2003) User Interface Design.MacMillan Encyclopedia of Cognitive Science, Vol. 4, London: MacMillan,453-458.) The present disclosure describes various embodiments ofinteractive and dynamic user interfaces that are the result ofsignificant development. This non-trivial development has resulted inthe user interfaces described herein which may provide significantcognitive and ergonomic efficiencies and advantages over previoussystems. The interactive and dynamic user interfaces include improvedhuman-computer interactions that may provide reduced mental workloads,improved decision-making, reduced work stress, and/or the like, for auser. For example, user interaction with the interactive user interfacevia the inputs described herein may provide an optimized display of, andinteraction with, transaction and account data and may enable a customeruser to more quickly and accurately access, navigate, assess, and digestthe account data than previous systems.

Further, the interactive and dynamic user interfaces described hereinare enabled by innovations in efficient interactions between the userinterfaces and underlying systems and components. For example, disclosedherein are improved methods of receiving user inputs, translation anddelivery of those inputs to various system components, automatic anddynamic execution of complex processes in response to the inputdelivery, automatic interaction among various aspects and processes ofthe system, and automatic and dynamic updating of the user interfaces.The interactions and presentation of data via the interactive userinterfaces described herein may accordingly provide cognitive andergonomic efficiencies and advantages over previous systems.

Various embodiments of the present disclosure provide improvements tovarious technologies and technological fields. For example, as mentionedabove, existing account and/or transaction data retrieval technology islimited in various ways (e.g., interfaces differ for each system orsource, data is provided in different formats, etc.), and variousembodiments of the disclosure provide significant improvements over suchtechnology. Additionally, various embodiments of the present disclosureare inextricably tied to computer technology. In particular, variousembodiments rely on receipt of computer-based API requests, accessing oftransaction and/or other data via, e.g., virtualized/simulated instancesof mobile applications, normalization of retrieved data, and responsesto the requests via the API in a standardized way. Such features andothers are intimately tied to, and enabled by, computer technology, andwould not exist except for computer technology. For example, the APIrequest and responses, and instantiation of virtualized/simulatedinstances of e.g., mobile applications, described below in reference tovarious embodiments, cannot reasonably be performed by humans alone,without the computer technology upon which they are implemented.Further, the implementation of the various embodiments of the presentdisclosure via computer technology enables many of the advantagesdescribed herein, including more efficient interaction with, varioustypes of data.

According to an embodiment, a method is disclosed comprising: at afinancial platform system constructed to programmatically accessfinancial data: creating an application proxy instance that simulates anapplication of an external financial service system; receiving anormalized account request for financial data of the external financialservice system for a specified account, the normalized account requestbeing provided by an external financial application system by using afinancial data API of the financial platform system; responsive to thenormalized account request: negotiating communication with the externalfinancial service system by using the application proxy instance toaccess the requested financial data from the external financial servicesystem by using a proprietary Application Programming Interface (API) ofthe external financial service system; and providing the financial datato the external financial application system as a response to thenormalized account request.

According to an aspect, the method further comprises setting up asession through the proxy instance.

According to another aspect, the normalized account request is a requestin accordance with the financial data API of the financial platformsystem, and the financial data API is constructed to provide anormalized interface for accessing financial data from externalfinancial service systems having different proprietary APIs.

According to yet another aspect, negotiating communication comprises:forming a request in accordance with the proprietary API based oninformation specified by the normalized account request.

According to another aspect, the financial platform system includes aninstitution interface module for the external financial service system,the institution interface module models the proprietary API of theexternal financial service system, and the institution interface moduleis used to access the requested financial data from the externalfinancial service system.

According to yet another aspect, the financial platform system generatesthe institution interface module by at least one of: parsing source codeof the application of the external financial service system; and parsingcommunication between the application and the external financial servicesystem.

According to another aspect, the institution interface module definesheaders of messages sent to the external financial service system.

According to yet another aspect, the specified account is an account ofthe external financial service system.

According to another aspect, the specified account is a user account ofthe financial application system, and the financial data accessed fromthe external financial service system is financial data corresponding toat least one account of the external financial service system that isassociated with user credentials of the application proxy instance.

According to yet another aspect, the specified account is a user accountof the financial application system, wherein a plurality of applicationproxy instances corresponding to the specified user account are used toaccess financial data from a plurality of external financial servicesystems, and wherein financial data provided to the application systemcorresponds to accounts of the external financial service systems thatare associated with user credentials of the application proxy instances.

According to another embodiment, a method is disclosed comprising: at amulti-tenant financial platform system constructed to programmaticallyaccess at least one financial service system external to the financialplatform system, and responsive to a normalized financial servicerequest provided by an external application system associated with anaccount of the financial platform system: for each external financialservice system corresponding to the normalized financial servicerequest, using an application proxy instance associated with the accountof the financial platform system to provide a proprietary ApplicationProgramming Interface (API) request to the financial service system inaccordance with a proprietary API of the financial service system; andproviding a normalized financial service response to the externalapplication system based on at least one proprietary API responsereceived from an external financial service system, wherein using anapplication proxy instance comprises using an application proxy instancethat is constructed to provide a proprietary API request to therespective external financial service system on behalf of a user accountof the external application system by simulating an application of theexternal financial service system.

According to an aspect, the financial platform system includes aninstitution interface module for each external financial service system,wherein each institution interface module models the proprietary API ofthe associated external financial service system, wherein eachproprietary API request is provided to the corresponding financialservice system by using the institution interface module for thefinancial service system, and an application proxy instancecorresponding to the financial service system and the user account, andwherein the financial platform system generates each institutioninterface module by at least one of: parsing source code of theapplication of the corresponding financial service system; and parsingcommunication between the application and the corresponding financialservice system.

According to another aspect, a primary application proxy instance and atleast one secondary application proxy instance are associated with afinancial service system corresponding to the normalized financialservice request, and wherein responsive to a determination that thenormalized financial service request cannot be processed by using theprimary application proxy instance, the secondary application proxyinstance is used to process the normalized financial service request.

According to yet another aspect, the primary application proxy instancecorresponds to a mobile application of a respective financial servicesystem and the secondary application proxy instance corresponds to atleast one of a web-based application and a desktop application of therespective financial service system.

According to another aspect, proprietary API requests of a proprietaryAPI of a financial service system include at least one of: a request fora list of transactions for at least one account of the financial servicesystem; a request for details of a transaction associated with anaccount of the financial service system; a financial transfer request, apayment scheduling request; an electronic check deposit request; anaccount update request; a fraud reporting request; and a servicesrequest, and wherein normalized API requests of an API of the financialplatform system include at least one of: a request for a list oftransactions for a user account of an external application system; arequest for details of a transaction associated with the user account; afinancial transfer request; a payment scheduling request; an electroniccheck deposit request; an account update request; a fraud reportingrequest; and a services request.

According to yet another aspect, the normalized financial servicerequest is a request for a list of transactions for the user account,wherein financial service systems corresponding to the normalizedfinancial service request include financial service systemscorresponding to application proxy instances for the user account of theexternal application system, and wherein each proprietary API request isa request for financial data of accounts corresponding to usercredentials of the associated application proxy instance used to providethe proprietary API request.

According to another aspect, providing the normalized financial serviceresponse comprises transforming the received financial data into anormalized form, and wherein transforming the received financial datacomprises at least one of processing the financial data, cleaning thefinancial data, supplementing the financial data with additionalinformation, and enhancing the financial data, and wherein additionalinformation includes at least one of categorical labels, tags, and geolocation information.

According to yet another aspect, the normalized financial servicerequest is a request for details of a transaction associated with theuser account, wherein the normalized financial service request specifiesinformation identifying the transaction, the associated financialservice system, and the associated account of the financial servicesystem, and wherein the proprietary API request is a request for detailsof the transaction of the specified account of the specified financialservice system.

According to another aspect, the normalized financial service request isa financial transfer request, wherein the normalized financial servicerequest specifies information identifying a source financial servicesystem, a source account of the source financial service system, adestination financial service system, a destination account of thedestination financial service system, and a transaction amount, andwherein at least one of an application proxy instance of the sourcefinancial service system and an application proxy instance of thedestination financial service system is used to initiate the financialtransfer request to transfer the specified transaction amount from thesource account to the destination account by providing a proprietarytransfer API request to the respective financial service system.

According to yet another aspect, the financial platform system selectsone of the application proxy instance of the source financial servicesystem and the application proxy instance of the destination financialservice system for initiation of the financial transfer request based onat least one of capabilities and transaction fees of the sourcefinancial service system and the destination financial service system.

According to yet another embodiment, a method is disclosed comprising afinancial platform system receiving a normalized financial API requestassociated with at least one financial account endpoint, the normalizedfinancial API request being provided by an external financialapplication system by using a financial platform API of the financialplatform system, the normalized financial API request specifying accountcredentials of each financial account endpoint of the normalizedfinancial API request; responsive to the normalized financial APIrequest: collecting transaction information of each financial accountendpoint of the normalized financial API request by using an applicationproxy instance associated with the financial account endpoint to collectthe transaction information from a corresponding financial institutionsystem by using the associated account credentials specified by thenormalized financial API request and a proprietary ApplicationProgramming Interface (API) of the financial institution system; andproviding a normalized financial API response to the external financialapplication system, the normalized financial API response providing thetransaction information of each financial account endpoint of thenormalized financial API request, wherein each application proxyinstance is constructed to simulate an application of the correspondingexternal financial institution system.

According to an aspect, the collected transaction information for eachfinancial account endpoint includes at least an account number and acorresponding routing number for use in automated clearing house (ACH)transactions.

According to another aspect, the transaction information is collected byprocessing at least one financial statement accessed from thecorresponding external financial institution system.

According to yet another aspect, the financial platform system includesan institution interface module for each external financial institutionsystem, each institution interface module models the proprietary API ofthe external financial institution system, and each application proxyinstance uses a corresponding institution interface module to collectthe transaction information from the external financial institutionsystem.

According to another aspect, the financial platform system generateseach institution interface module by at least one of: parsing sourcecode of the application of the associated external financial institutionsystem; and parsing communication between the application and theassociated external financial institution system.

According to yet another aspect, each institution interface moduledefines headers of messages sent to the associated external financialinstitution system, and wherein the proprietary API is different from aweb browser interface.

According to another embodiment, a method is disclosed comprising: at afinancial platform system: receiving a normalized financial API requestassociated with at least one financial account endpoint, the normalizedfinancial API request being provided by an external financialapplication system by using a financial platform API of the financialplatform system, the normalized financial API request specifying afinancial transaction and at least one of an account token and accountcredentials of each financial account endpoint of the normalizedfinancial API request; responsive to the normalized financial APIrequest: collecting transaction information of each financial accountendpoint of the normalized financial API request by using an applicationproxy instance associated with the financial account endpoint to collectthe transaction information from a corresponding financial institutionsystem by using at least one of an associated account token andassociated account credentials specified by the normalized financial APIrequest and by using a proprietary API of the financial institutionsystem; executing the transaction specified by the normalized financialAPI request by using the collected transaction information; andproviding a normalized financial API response to the external system,the normalized financial API response providing at least one of a statusof the transaction and results of the transaction, wherein eachapplication proxy instance is constructed to simulate an application ofthe corresponding external financial institution system.

According to yet another embodiment, a method is disclosed comprising afinancial platform system constructed to programmatically access atleast one external financial institution system external to thefinancial platform system, and responsive to a normalized financial APIrequest provided by a financial application system by using a financialplatform API of the financial platform system, the normalized financialAPI request specifying user information corresponding to at least onefinancial account endpoint of the at least one external financialinstitution system: using at least one application proxy instanceassociated with the normalized API request to collect transactioninformation from a corresponding financial institution system byproviding the financial institution system with a proprietary financialAPI request that specifies at least account credentials associated withthe user information specified by the normalized financial API request,the transaction information being included in at least one proprietaryfinancial API response provided by the financial institution system;generating a normalized financial API response based on the collectedtransaction information; and providing the normalized financial APIresponse to the financial application system, wherein each applicationproxy instance is constructed to simulate an application of thecorresponding financial institution system on behalf of a userassociated with the application proxy instance.

According to an aspect, each proprietary API is a private API of therespective financial institution system, and wherein each proprietaryAPI is different from a web browser interface.

According to another aspect, the normalized financial API request isprovided on behalf of a user account of the financial applicationsystem, and wherein the specified user information includes informationassociated with the user account.

According to yet another aspect, the normalized financial API request isprovided on behalf of a user account of the financial applicationsystem, and wherein the specified user information includes informationassociated with a user that is different from a user of the user accountof the financial application system.

According to another aspect, the normalized financial API request is arequest for financial account endpoint information, wherein thecollected transaction information includes financial account endpointinformation, and wherein generating the normalized financial APIresponse comprises including the financial account endpoint informationin the normalized financial API response.

According to yet another aspect, the normalized financial API request isa request to transfer funds from at least one withdrawal accountendpoint to at least one deposit account endpoint and the normalizedfinancial API request specifies an amount of funds to be transferred,wherein the user information indicates the at least one withdrawalaccount endpoint and the at least one deposit account endpoint, whereina transaction engine of the financial platform system is used to executean ACH transaction to transfer the specified amount of funds from the atleast one withdrawal account endpoint to the at least one depositaccount endpoint by using the collected transaction information, andwherein generating the normalized financial API response comprisesincluding at least one of a status of the transfer and results of thetransfer in the normalized financial API response.

According to another aspect, the normalized financial API requestspecifies an originating financial institution system for executing thetransfer.

According to yet another aspect, the financial platform system is amulti-tenant financial platform system, wherein the application systemis an external application system associated with an account of thefinancial platform system, wherein each application proxy instance isassociated with the account of the financial platform system, andwherein each application proxy instance is constructed to provide aproprietary financial API request to the respective external financialinstitution system on behalf of a user of the external applicationsystem by simulating an application of the external financialinstitution system.

According to another aspect, the financial platform system is asingle-tenant financial platform system, wherein the application systemis an application system of the financial platform system, and whereineach application proxy instance is constructed to provide a proprietaryfinancial API request to the respective external financial institutionsystem on behalf of a user of the application system by simulating anapplication of the external financial institution system.

According to yet another aspect, the user information includes a useraccount identifier for at least one user account of the applicationsystem corresponding to the normalized financial API request, each useraccount identifier is used to select at least one of the at least oneapplication proxy instance, and each at least one application proxyinstance includes user credentials to access the associated financialinstitution system, and wherein each proprietary financial API requestspecifies the corresponding user credentials.

According to another aspect, the user information includes at least oneset of user credentials for at least one user account of the applicationsystem corresponding to the normalized financial API request, andwherein at least one proprietary financial API request specifies acorresponding set of user credentials of the user information.

According to yet another aspect, the user information includes at leastone account token for at least one user account of the applicationsystem corresponding to the normalized financial API request, andwherein at least one proprietary financial API request specifies usercredentials associated with a corresponding account token of the userinformation.

According to another aspect, the method further comprises at least oneof: selecting at least one of the at least one withdrawal accountendpoint for the transfer based on at least one of capabilities of atleast one withdrawal account endpoints, availability of at least onewithdrawal account endpoint, configuration for at least one withdrawalaccount endpoints, and parameters of the normalized financial APIrequest, and selecting at least one of the at least one deposit accountendpoint for the transfer based on at least one of capabilities of atleast one deposit account endpoint, availability of at least one depositaccount endpoint, configuration for at least one deposit accountendpoint, and parameters of the normalized financial API request.

According to another embodiment, a computer system is disclosedcomprising: one or more computer readable storage devices configured tostore a plurality of computer executable instructions; and one or morehardware computer processors in communication with the one or morecomputer readable storage devices and configured to execute theplurality of computer executable instructions in order to cause thecomputer system to: execute an Application Programming Interface (API)of the computer system, the API of the computer system configured toreceive and provide responses to requests from a developer computingdevice according to a normalized format of the API of the computersystem; receive, via the API and according to the normalized format, arequest from the developer computing device for transaction dataassociated with a user, the request including at least: a usernameassociated with the user, a password associated with the user, and anexternal institution identifier; determine, based on the externalinstitution identifier, an external institution associated with therequest; in response to the request: access an institution interfacemodule of the computer system, wherein: the institution interface moduleis uniquely configured to enable communication with an externalcomputing device of the external institution via a non-public API of theexternal computing device of the external institution, and theinstitution interface module is generated based on an analysis ofinteractions between an actual instance of a mobile device applicationassociated with the external institution and the external computingdevice of the external institution; and instantiate a virtualizedinstance of the mobile device application associated with the externalinstitution, wherein: the virtualized instance of the mobile deviceapplication is configured to communicate with the institution interfacemodule of the computer system so as to interface with the externalcomputing device of the external institution via the non-public API ofthe external computing device of the external institution, thenon-public API of the external computing device of the externalinstitution is configured to interact with the mobile deviceapplication, and the virtualized instance of the mobile deviceapplication is generated based on an analysis of the mobile deviceapplication; authenticate, via the institution interface module, thevirtualized instance of the mobile device application with the externalcomputing device of the external institution based on at least one of:an mobile device identifier code, an mobile device authentication token,or a mobile device Media Access Control (MAC) address; request, by thevirtualized instance of the mobile device application and via thenon-public API of the external computing device of the externalinstitution, the transaction data associated with the user from theexternal computing device of the external institution by: providing theusername associated with the user and the password associated with theuser to the external computing device of the external institution;receiving a request for second factor authentication information fromthe external computing device of the external institution; requesting,via the API of the computer system, the second factor authenticationinformation from the developer computing device; receiving, via the APIof the computer system, the second factor authentication informationfrom the developer computing device; providing the second factorauthentication information to the external computing device of theexternal institution; receiving, from the external computing device ofthe external institution, a response indicating acceptance of the secondfactor authentication information; requesting the transactioninformation from the external computing device of the externalinstitution; and receiving the transaction data associated with the userfrom the external computing device of the external institution; enhancethe transaction data associated with the user to generate enhancedtransaction data by: augmenting, based on an analysis of the transactiondata, a plurality of transaction data items of the transaction data withrespective category labels; augmenting, based on a further analysis ofthe transaction data, the plurality of transaction data items of thetransaction data with respective geolocation information; andstandardizing a format of the transaction data such that the enhancedtransaction data may be provided by the computer system in thenormalized format; provide, via the API of the computer system and inthe normalized format, the enhanced transaction data to the developercomputing device; and persist, in the one or more computer readablestorage devices of the computer system, the virtualized instance of themobile device application such that future requests for transaction dataassociated with the user may be obtained via the virtualized instance ofthe mobile device application.

According to an aspect, the one or more hardware computer processors areconfigured to execute the plurality of computer executable instructionsin order to further cause the computer system to: further in response tothe request: determine a second external institution from which secondtransaction data associated with the user is to be obtained to fulfillthe request; access a second institution interface module of thecomputer system, wherein: the second institution interface module isuniquely configured to enable communication with an external computingdevice of the second external institution via a non-public API of theexternal computing device of the second external institution, thenon-public API of the external computing device of the second externalinstitution is different from the non-public API of the externalcomputing device of the external institution, and the second institutioninterface module is generated based on an analysis of interactionsbetween an actual instance of a second mobile device applicationassociated with the second external institution and the externalcomputing device of the second external institution; and instantiate avirtualized instance of the second mobile device application associatedwith the second external institution, wherein: the virtualized instanceof the second mobile device application is configured to communicatewith the second institution interface module of the computer system soas to interface with the external computing device of the secondexternal institution via the non-public API of the external computingdevice of the second external institution, the non-public API of theexternal computing device of the second external institution isconfigured to interact with the second mobile device application, andthe virtualized instance of the second mobile device application isgenerated based on an analysis the second mobile device application;authenticate, via the second institution interface module, thevirtualized instance of the second mobile device application with theexternal computing device of the second external institution based on atleast one of: an identifier code associated with a mobile device, anauthentication token associated with a mobile device, or a Media AccessControl (MAC) address associated with a mobile device; request, by thevirtualized instance of the second mobile device application and via thenon-public API of the external computing device of the second externalinstitution, the second transaction data associated with the user fromthe external computing device of the second external institution by:providing the username associated with the user and the passwordassociated with the user to the external computing device of the secondexternal institution; requesting the second transaction information fromthe external computing device of the second external institution; andreceiving the second transaction data associated with the user from theexternal computing device of the second external institution; enhancethe second transaction data associated with the user to generate secondenhanced transaction data by: augmenting, based on an analysis of thesecond transaction data, a plurality of transaction data items of thesecond transaction data with respective category labels; augmenting,based on a further analysis of the second transaction data, theplurality of transaction data items of the second transaction data withrespective geolocation information; and standardizing a format of thesecond transaction data such that the second enhanced transaction datamay be provided by the computer system in the normalized format; combinethe enhanced transaction data and the second enhanced transaction datato generate combined enhanced transaction data; provide, via the API ofthe computer system and in the normalized format, the combined enhancedtransaction data to the developer computing device; and persist, in theone or more computer readable storage devices of the computer system,the virtualized instance of the second mobile device application suchthat future requests for transaction data associated with the user maybe obtained via the virtualized instance of the second mobile deviceapplication.

According to another aspect, the institution interface module is furthergenerated based on at least one of: parsing source code of the mobiledevice application or parsing communication between the mobile deviceapplication and the external computing device of the externalinstitution.

According to yet another aspect, the institution interface moduledefines headers of messages sent to the external computing device of theexternal institution.

According to another aspect, the one or more hardware computerprocessors are configured to execute the plurality of computerexecutable instructions in order to further cause the computer systemto: receive, via the API and according to the normalized format, arequest from the developer computing device for at least one of: a listof transactions associated with an account of the user at the externalinstitution, details of a transaction associated with an account of theuser at the external institution, a financial transfer from or to andaccount of the user at the external institution, payment scheduling atthe external institution, an electronic check deposit to an account ofthe user at the external institution, an update of an account of theuser at the external institution, a fraud report at the externalinstitution, or a service request at the external institution.

According to yet another aspect, in response to receiving, from thedeveloper computing device, a request for financial transfer from or toand account of the user at the external institution, the one or morehardware computer processors are configured to execute the plurality ofcomputer executable instructions in order to further cause the computersystem to: request, by the virtualized instance of the mobile deviceapplication and via the non-public API of the external computing deviceof the external institution, a transfer from or two, based on therequest for financial transfer, the account of the user at the externalfinancial institution.

According to yet another embodiment, a computer-implemented method isdisclosed comprising: by one or more hardware computer processorsexecuting a plurality of computer executable instructions: executing anApplication Programming Interface (API) of the computer system, the APIof the computer system configured to receive and provide responses torequests from a developer computing device according to a normalizedformat of the API of the computer system; receiving, via the API andaccording to the normalized format, a request from the developercomputing device for transaction data associated with a user, therequest including at least: a username associated with the user, apassword associated with the user, and an external institutionidentifier; determining, based on the external institution identifier,an external institution associated with the request; in response to therequest: accessing an institution interface module of the computersystem, wherein: the institution interface module is uniquely configuredto enable communication with an external computing device of theexternal institution via a non-public API of the external computingdevice of the external institution, and the institution interface moduleis generated based on an analysis of interactions between an actualinstance of a mobile device application associated with the externalinstitution and the external computing device of the externalinstitution; and instantiating a virtualized instance of the mobiledevice application associated with the external institution, wherein:the virtualized instance of the mobile device application is configuredto communicate with the institution interface module of the computersystem so as to interface with the external computing device of theexternal institution via the non-public API of the external computingdevice of the external institution, the non-public API of the externalcomputing device of the external institution is configured to interactwith the mobile device application, and the virtualized instance of themobile device application is generated based on an analysis of themobile device application; authenticating, via the institution interfacemodule, the virtualized instance of the mobile device application withthe external computing device of the external institution based on atleast one of: an mobile device identifier code, an mobile deviceauthentication token, or a mobile device Media Access Control (MAC)address; requesting, by the virtualized instance of the mobile deviceapplication and via the non-public API of the external computing deviceof the external institution, the transaction data associated with theuser from the external computing device of the external institution by:providing the username associated with the user and the passwordassociated with the user to the external computing device of theexternal institution; in response to receiving a request for secondfactor authentication information from the external computing device ofthe external institution: providing the second factor authenticationinformation to the external computing device of the externalinstitution; and receiving, from the external computing device of theexternal institution, a response indicating acceptance of the secondfactor authentication information; requesting the transactioninformation from the external computing device of the externalinstitution; and receiving the transaction data associated with the userfrom the external computing device of the external institution;enhancing the transaction data associated with the user to generateenhanced transaction data by: augmenting, based on an analysis of thetransaction data, a plurality of transaction data items of thetransaction data with respective category labels; augmenting, based on afurther analysis of the transaction data, the plurality of transactiondata items of the transaction data with respective geolocationinformation; and standardizing a format of the transaction data suchthat the enhanced transaction data may be provided by the computersystem in the normalized format; providing, via the API of the computersystem and in the normalized format, the enhanced transaction data tothe developer computing device; and persisting, in the one or morecomputer readable storage devices of the computer system, thevirtualized instance of the mobile device application such that futurerequests for transaction data associated with the user may be obtainedvia the virtualized instance of the mobile device application.

According to an aspect, the computer-implemented method furthercomprises: by one or more hardware computer processors executing aplurality of computer executable instructions: further in response tothe request: determining a second external institution from which secondtransaction data associated with the user is to be obtained to fulfillthe request; accessing a second institution interface module of thecomputer system, wherein: the second institution interface module isuniquely configured to enable communication with an external computingdevice of the second external institution via a non-public API of theexternal computing device of the second external institution, thenon-public API of the external computing device of the second externalinstitution is different from the non-public API of the externalcomputing device of the external institution, and the second institutioninterface module is generated based on an analysis of interactionsbetween an actual instance of a second mobile device applicationassociated with the second external institution and the externalcomputing device of the second external institution; and instantiating avirtualized instance of the second mobile device application associatedwith the second external institution, wherein: the virtualized instanceof the second mobile device application is configured to communicatewith the second institution interface module of the computer system soas to interface with the external computing device of the secondexternal institution via the non-public API of the external computingdevice of the second external institution, the non-public API of theexternal computing device of the second external institution isconfigured to interact with the second mobile device application, andthe virtualized instance of the second mobile device application isgenerated based on an analysis the second mobile device application;authenticating, via the second institution interface module, thevirtualized instance of the second mobile device application with theexternal computing device of the second external institution based on atleast one of: an identifier code associated with a mobile device, anauthentication token associated with a mobile device, or a Media AccessControl (MAC) address associated with a mobile device; requesting, bythe virtualized instance of the second mobile device application and viathe non-public API of the external computing device of the secondexternal institution, the second transaction data associated with theuser from the external computing device of the second externalinstitution by: providing the username associated with the user and thepassword associated with the user to the external computing device ofthe second external institution; requesting the second transactioninformation from the external computing device of the second externalinstitution; and receiving the second transaction data associated withthe user from the external computing device of the second externalinstitution; enhancing the second transaction data associated with theuser to generate second enhanced transaction data by: augmenting, basedon an analysis of the second transaction data, a plurality oftransaction data items of the second transaction data with respectivecategory labels; augmenting, based on a further analysis of the secondtransaction data, the plurality of transaction data items of the secondtransaction data with respective geolocation information; andstandardizing a format of the second transaction data such that thesecond enhanced transaction data may be provided by the computer systemin the normalized format; combining the enhanced transaction data andthe second enhanced transaction data to generate combined enhancedtransaction data; providing, via the API of the computer system and inthe normalized format, the combined enhanced transaction data to thedeveloper computing device; and persisting, in the one or more computerreadable storage devices of the computer system, the virtualizedinstance of the second mobile device application such that futurerequests for transaction data associated with the user may be obtainedvia the virtualized instance of the second mobile device application.

According to another aspect, the institution interface module is furthergenerated based on at least one of: parsing source code of the mobiledevice application or parsing communication between the mobile deviceapplication and the external computing device of the externalinstitution.

According to yet another aspect, the institution interface moduledefines headers of messages sent to the external computing device of theexternal institution.

According to another aspect, the computer-implemented method furthercomprises: by one or more hardware computer processors executing aplurality of computer executable instructions: receiving, via the APIand according to the normalized format, a request from the developercomputing device for at least one of: a list of transactions associatedwith an account of the user at the external institution, details of atransaction associated with an account of the user at the externalinstitution, a financial transfer from or to and account of the user atthe external institution, payment scheduling at the externalinstitution, an electronic check deposit to an account of the user atthe external institution, an update of an account of the user at theexternal institution, a fraud report at the external institution, or aservice request at the external institution.

According to yet another aspect, the computer-implemented method furthercomprises: by one or more hardware computer processors executing aplurality of computer executable instructions: in response to receiving,from the developer computing device, a request for financial transferfrom or to and account of the user at the external institution:requesting, by the virtualized instance of the mobile device applicationand via the non-public API of the external computing device of theexternal institution, a transfer from or two, based on the request forfinancial transfer, the account of the user at the external financialinstitution.

According to another embodiment, a computer readable storage mediumstoring software instructions is disclosed that, in response toexecution by one or more hardware computer processors, configure the oneor more hardware computer processors to perform operations comprising:executing an Application Programming Interface (API) of the computersystem, the API of the computer system configured to receive and provideresponses to requests from a developer computing device according to anormalized format of the API of the computer system; receiving, via theAPI and according to the normalized format, a request from the developercomputing device for transaction data associated with a user, therequest including at least: a username associated with the user, apassword associated with the user, and an external institutionidentifier; determining, based on the external institution identifier,an external institution associated with the request; in response to therequest: accessing an institution interface module of the computersystem, wherein: the institution interface module is uniquely configuredto enable communication with an external computing device of theexternal institution via a non-public API of the external computingdevice of the external institution, and the institution interface moduleis generated based on an analysis of interactions between an actualinstance of a mobile device application associated with the externalinstitution and the external computing device of the externalinstitution; and instantiating a virtualized instance of the mobiledevice application associated with the external institution, wherein:the virtualized instance of the mobile device application is configuredto communicate with the institution interface module of the computersystem so as to interface with the external computing device of theexternal institution via the non-public API of the external computingdevice of the external institution, the non-public API of the externalcomputing device of the external institution is configured to interactwith the mobile device application, and the virtualized instance of themobile device application is generated based on an analysis of themobile device application; authenticating, via the institution interfacemodule, the virtualized instance of the mobile device application withthe external computing device of the external institution based on atleast one of: an mobile device identifier code, an mobile deviceauthentication token, or a mobile device Media Access Control (MAC)address; requesting, by the virtualized instance of the mobile deviceapplication and via the non-public API of the external computing deviceof the external institution, the transaction data associated with theuser from the external computing device of the external institution by:providing the username associated with the user and the passwordassociated with the user to the external computing device of theexternal institution; in response to receiving a request for secondfactor authentication information from the external computing device ofthe external institution: providing the second factor authenticationinformation to the external computing device of the externalinstitution; and receiving, from the external computing device of theexternal institution, a response indicating acceptance of the secondfactor authentication information; requesting the transactioninformation from the external computing device of the externalinstitution; and receiving the transaction data associated with the userfrom the external computing device of the external institution;enhancing the transaction data associated with the user to generateenhanced transaction data by: augmenting, based on an analysis of thetransaction data, a plurality of transaction data items of thetransaction data with respective category labels; augmenting, based on afurther analysis of the transaction data, the plurality of transactiondata items of the transaction data with respective geolocationinformation; and standardizing a format of the transaction data suchthat the enhanced transaction data may be provided by the computersystem in the normalized format; providing, via the API of the computersystem and in the normalized format, the enhanced transaction data tothe developer computing device; and persisting, in the one or morecomputer readable storage devices of the computer system, thevirtualized instance of the mobile device application such that futurerequests for transaction data associated with the user may be obtainedvia the virtualized instance of the mobile device application.

According to an aspect, further in response to execution by one or morehardware computer processors, the software instructions configure theone or more hardware computer processors to perform operationscomprising: further in response to the request: determining a secondexternal institution from which second transaction data associated withthe user is to be obtained to fulfill the request; accessing a secondinstitution interface module of the computer system, wherein: the secondinstitution interface module is uniquely configured to enablecommunication with an external computing device of the second externalinstitution via a non-public API of the external computing device of thesecond external institution, the non-public API of the externalcomputing device of the second external institution is different fromthe non-public API of the external computing device of the externalinstitution, and the second institution interface module is generatedbased on an analysis of interactions between an actual instance of asecond mobile device application associated with the second externalinstitution and the external computing device of the second externalinstitution; and instantiating a virtualized instance of the secondmobile device application associated with the second externalinstitution, wherein: the virtualized instance of the second mobiledevice application is configured to communicate with the secondinstitution interface module of the computer system so as to interfacewith the external computing device of the second external institutionvia the non-public API of the external computing device of the secondexternal institution, the non-public API of the external computingdevice of the second external institution is configured to interact withthe second mobile device application, and the virtualized instance ofthe second mobile device application is generated based on an analysisthe second mobile device application; authenticating, via the secondinstitution interface module, the virtualized instance of the secondmobile device application with the external computing device of thesecond external institution based on at least one of: an identifier codeassociated with a mobile device, an authentication token associated witha mobile device, or a Media Access Control (MAC) address associated witha mobile device; requesting, by the virtualized instance of the secondmobile device application and via the non-public API of the externalcomputing device of the second external institution, the secondtransaction data associated with the user from the external computingdevice of the second external institution by: providing the usernameassociated with the user and the password associated with the user tothe external computing device of the second external institution;requesting the second transaction information from the externalcomputing device of the second external institution; and receiving thesecond transaction data associated with the user from the externalcomputing device of the second external institution; enhancing thesecond transaction data associated with the user to generate secondenhanced transaction data by: augmenting, based on an analysis of thesecond transaction data, a plurality of transaction data items of thesecond transaction data with respective category labels; augmenting,based on a further analysis of the second transaction data, theplurality of transaction data items of the second transaction data withrespective geolocation information; and standardizing a format of thesecond transaction data such that the second enhanced transaction datamay be provided by the computer system in the normalized format;combining the enhanced transaction data and the second enhancedtransaction data to generate combined enhanced transaction data;providing, via the API of the computer system and in the normalizedformat, the combined enhanced transaction data to the developercomputing device; and persisting, in the one or more computer readablestorage devices of the computer system, the virtualized instance of thesecond mobile device application such that future requests fortransaction data associated with the user may be obtained via thevirtualized instance of the second mobile device application.

According to yet another aspect, the institution interface module isfurther generated based on at least one of: parsing source code of themobile device application or parsing communication between the mobiledevice application and the external computing device of the externalinstitution.

According to another aspect, the institution interface module definesheaders of messages sent to the external computing device of theexternal institution.

According to yet another aspect, further in response to execution by oneor more hardware computer processors, the software instructionsconfigure the one or more hardware computer processors to performoperations comprising: receiving, via the API and according to thenormalized format, a request from the developer computing device for atleast one of: a list of transactions associated with an account of theuser at the external institution, details of a transaction associatedwith an account of the user at the external institution, a financialtransfer from or to and account of the user at the external institution,payment scheduling at the external institution, an electronic checkdeposit to an account of the user at the external institution, an updateof an account of the user at the external institution, a fraud report atthe external institution, or a service request at the externalinstitution.

According to another aspect, further in response to execution by one ormore hardware computer processors, the software instructions configurethe one or more hardware computer processors to perform operationscomprising: in response to receiving, from the developer computingdevice, a request for financial transfer from or to and account of theuser at the external institution: requesting, by the virtualizedinstance of the mobile device application and via the non-public API ofthe external computing device of the external institution, a transferfrom or two, based on the request for financial transfer, the account ofthe user at the external financial institution.

According to yet another embodiment, a computer-implemented method ofauthorizing electronic user account access is disclosed, thecomputer-implemented method comprising: by one or more hardwareprocessors executing program instructions: receiving account credentialsassociated with a user account; receiving one or more permissionsassociated with the user account; receiving an indication of an externalapplication associated with the one or more permissions; determining anexternal user account associated with the user account; determining afirst-party application configured to interface with the external useraccount; instantiating a virtualized instance of the first-partyapplication; authenticating, using the account credentials, thevirtualized instance of the first-party application with the externaluser account to establish communication with the external user account;accessing, via the virtualized instance of the first-party application,one or more items of user account data associated with the user account;and generating an electronic token including: the one or more items ofuser account data, the one or more permissions, and the indication ofthe external application.

According to an aspect the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: generating a unique token identifier; associating theunique token identifier with the electronic token; and communicating theunique token identifier to the external application.

According to another aspect the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: receiving, from a third-party processor: one or moretransaction details associated with a transaction, and the unique tokenidentifier; identifying, based on the unique token identifier, theelectronic token; comparing the one or more transaction details with theone or more permissions; determining, based on the comparing, whether ornot the external application is authorized to initiate the transaction;and communicating, based on determining whether or not the externalapplication is authorized to initiate the transaction, an authorizationindication to the third-party processor.

According to yet another aspect the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: determining, based on the comparing, that the externalapplication is authorized to initiate the transaction, wherein theauthorization indication indicates that the external application isauthorized to initiate the transaction; and communicating, to thethird-party processor, the one or more items of user account data.

According to another aspect, the one or more items of user account dataincludes at least: an account number, or a routing number.

According to yet another aspect the computer-implemented method furthercomprises: executing, by the third-party processor and based on the oneor more items of user account data, the transaction with the externaluser account; and communicating, to the external application, anindication that the transaction has been executed.

According to another aspect the computer-implemented method furthercomprises: causing, based on the one or more items of user account data,the third-party processor to execute the transaction with the externaluser account; and communicating, to the external application, anindication that the transaction has been executed.

According to yet another aspect the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: determining, based on the comparing, that the externalapplication is not authorized to initiate the transaction, wherein theauthorization indication indicates that the external application is notauthorized to initiate the transaction.

According to another aspect, the one or more transaction details and theunique token identifier were communicated to the third-party processorfrom the external user account.

According to yet another aspect, the one or more transaction detailsinclude at least one of: an amount of the transaction or a frequency ofthe transaction.

According to another aspect, the electronic token further includes ahistory of transactions associated with the external application, andwherein the comparing further comprises comparing the one or moretransaction details with the history of transactions.

According to yet another aspect the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: generating a unique token identifier; associating theunique token identifier with the electronic token; communicating theunique token identifier to the external application; receiving anindication of a change to the one or more permissions; and updating theelectronic token to reflect the change to the one or more permissions.

According to another aspect, the change to the one or more permissioncomprises a revocation of the electronic token, and wherein thecomputer-implemented method further comprises: by the one or morehardware processors executing program instructions: receiving, from athird-party processor: one or more transaction details related to atransaction, and the unique token identifier; identifying, based on theunique token identifier, the electronic token; comparing the one or moretransaction details with the one or more permissions; determining, basedon the comparing, that the external application is not authorized toinitiate the transaction due to the revocation of the electronic token;and communicating, an indication that the external application is notauthorized to initiate the transaction. 14. The computer-implementedmethod of Claim 1, wherein the account credentials include at least ausername and a password associated with the user account.

According to yet another aspect, the one or more permissions include atleast one of: an indication of an allowable frequency of transactions,an indication of an allowable amount of a transaction, an indication ofa type of an allowable transaction, an indication of an allowable amountof transactions within a time period, or an indication of an allowableuse of a transaction.

According to another aspect, the external application comprises at leastone of: an application configured to run on a computing device of auser, or an application accessible via a computer device of a user.

According to yet another aspect, the one or more items of user accountdata includes at least: an account number, or a routing number.

According to another aspect the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: securely storing the electronic token.

According to another embodiment, a computer-implemented method ofauthorizing electronic user account access is disclosed, thecomputer-implemented method comprising: by one or more hardwareprocessors executing program instructions: receiving account credentialsassociated with a user account; receiving one or more permissionsassociated with the user account; receiving an indication of an externalapplication associated with the one or more permissions; determining anexternal user account associated with the user account; determining afirst-party application configured to interface with the external useraccount; instantiating a virtualized instance of the first-partyapplication; authenticating, using the account credentials, thevirtualized instance of the first-party application with the externaluser account to establish communication with the external user account;accessing, via the virtualized instance of the first-party application,one or more items of user account data associated with the user account;communicating, to a third-party processor: the one or more items of useraccount data, the one or more permissions, and the indication of theexternal application; causing the third-party processor to: generate anelectronic token including: the one or more items of user account data,the one or more permissions, and the indication of the externalapplication; generate a unique token identifier; associate the uniquetoken identifier with the electronic token; and communicate the uniquetoken identifier to the external application; receiving, from theexternal application: one or more transaction details associated with atransaction, and the unique token identifier; and causing thethird-party processor to further: identify, based on the unique tokenidentifier, the electronic token; compare the one or more transactiondetails associated with the transaction with the one or morepermissions; determine, based on the comparing, that the externalapplication is authorized to initiate the transaction; execute thetransaction by interaction with the external user account; andcommunicate, to the external application, an indication that thetransaction has been executed.

According to an aspect the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: receiving an indication of a change to the one or morepermissions, wherein the change to the one or more permission comprisesa revocation of the electronic token; causing the third-party processorto further: update the electronic token to reflect the change to the oneor more permissions; receiving, from the external application: one ormore transaction details related to a second transaction, and the uniquetoken identifier; and causing the third-party processor to further:identify, based on the unique token identifier, the electronic token;compare the one or more transaction details associated with the secondtransaction with the one or more permissions; determine, based on thecomparing of the one or more transaction details associated with thesecond transaction with the one or more permissions, that the externalapplication is not authorized to initiate the transaction due to therevocation of the electronic token; and communicate, to the externalapplication, an indication that the external application is notauthorized to initiate the transaction.

According to yet another embodiment, a computer system is disclosedcomprising: one or more computer-readable storage devices configured tostore a plurality of computer executable instructions; and one or morehardware computer processors in communication with the one or morecomputer-readable storage devices and configured to execute theplurality of computer executable instructions in order to cause thecomputer system to: receive, from a first computing device, a requestfor data associated with a user, the request including authenticationcredentials associated with the user; identify an institution associatedwith the request; instantiate a simulated instance of a softwareapplication associated with the institution, wherein: the simulatedinstance of the software application is configured to interface, via anAPI, with a second computing device that is associated with theinstitution, and the simulated instance of the software application isconfigured to appear, from the perspective of the second computingdevice, to be the software application executing on a physical computingdevice of the user; request, by the simulated instance of the softwareapplication and via the API, data associated with the user from thesecond computing device; receive the data associated with the user fromthe second computing device; and provide, to the another computingdevice, the data.

According to an aspect, the one or more hardware computer processors areconfigured to execute the plurality of computer executable instructionsin order to further cause the computer system to: authenticate thesimulated instance of the software application with the second computingdevice based on at least one of: an identifier code, an authenticationtoken, or a Media Access Control (MAC) address.

According to another aspect, the authentication credentials associatedwith the user include at least a username associated with the user, anda password associated with the user; and requesting the data associatedwith the user further includes providing, to the second computingdevice, the username associated with the user and the passwordassociated with the user.

According to yet another aspect, the one or more hardware computerprocessors are configured to execute the plurality of computerexecutable instructions in order to further cause the computer systemto: further request, by the simulated instance of the softwareapplication and via the API, the data associated with the user from thesecond computing device by: receiving, from the second computing device,a request for second factor authentication information; requesting, fromthe first computing device, the second factor authenticationinformation; receiving, from the first computing device, the secondfactor authentication information; and providing, to the secondcomputing device, the second factor authentication information.

According to another aspect, the one or more hardware computerprocessors are configured to execute the plurality of computerexecutable instructions in order to further cause the computer systemto: augment, based on an analysis of the data, a plurality of data itemsof the data with respective category labels; and augment, based on afurther analysis of the data, the plurality of data items of the datawith respective geolocation information.

According to yet another aspect, the one or more hardware computerprocessors are configured to execute the plurality of computerexecutable instructions in order to further cause the computer systemto: standardize a format of the data such that the data may be providedin the normalized format.

According to another aspect, the simulated instance of the softwareapplication is generated based on at least one of: an analysis of anactual instance of the software application, or interactions between anactual instance of the software application and the second computingdevice.

According to yet another aspect, the one or more hardware computerprocessors are configured to execute the plurality of computerexecutable instructions in order to further cause the computer systemto: store, in the one or more computer-readable storage devices, thesimulated instance of the software application such that future requestsfor data may be obtained via the simulated instance of the softwareapplication.

According to another aspect, the another computing device is the firstcomputing device.

According to yet another aspect, the another computing device is a thirdcomputing device different from the first computing device and thesecond computing device, wherein the third computing device isassociated with a trusted third-party processor system.

According to yet another embodiment a computer-implemented method ofproviding user account data is disclosed, the computer-implementedmethod comprising: by one or more hardware processors executing programinstructions: receiving, from a first computing device, informationassociated with an authorization request, wherein the informationincludes at least: account credentials associated with one or more useraccounts; generating at least: an electronic record of the information,and a token associated with the electronic record; providing the tokento the first computing device; receiving, from a second computingdevice, at least: the token, and a request for user account dataassociated with at least one of the one or more user accounts; andproviding, to the second computing device and based on the accountcredentials, user account data associated with the at least one of theone or more user accounts.

According to an aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: verifying authorization to access the user account databased on the token.

According to another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: providing, to the first computing device, a request foradditional information.

According to yet another aspect, the additional information includes atleast one of: multi-factor authentication information, a selection of auser account of a plurality of user accounts, or an indication ofagreement to a document.

According to another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: receiving, from the first computing device, a response tothe request for additional information, wherein the user account data isnot provided to the second computing device until after the response isreceived.

According to yet another aspect, the information further includes atleast one of: an indication of an external application, or an indicationof an entity associated with the second computing device.

According to another aspect, the second computing device is configuredto provide the user account data to a computing device associated withthe external application.

According to yet another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: receiving a request to deauthorize access to the useraccount data by the external application; and in response to the requestto deauthorize access, revoking the token or access to the user accountassociated with the token.

According to another aspect, the information further includes one ormore permissions.

According to yet another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: in response to receiving the request for user accountdata, determining, based on the one or more permissions, anauthorization of an external application to access the user accountdata.

According to another aspect, the first computing device includes programinstructions that, when executed by a processor of the first computingdevice, cause the first computing device to provide the token to thesecond computing device.

According to another embodiment a computer-implemented method ofproviding user account data is disclosed, the computer-implementedmethod comprising: by one or more hardware processors executing programinstructions: receiving, from a first computing device, a tokenassociated with an authorization request, wherein the token is furtherassociated with an institution, an external application, and a useraccount held by the institution; receiving a request for user accountdata from a second computing device, wherein the second computing deviceis associated with the external application; providing, to a computingdevice associated with the institution: the token, and a request foruser account data associated with the user account; and receiving useraccount data from a computing device associated with the institution.

According to an aspect, the token is received from a computing deviceassociated with the institution.

According to another aspect, the token is received from the firstcomputing device.

According to yet another aspect, the token is generated by a computingdevice of the institution based on account credentials provided via thefirst computing device to a computing device associated with theinstitution.

According to another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: providing, to the first computing device, instructions toprovide the account credentials to a computing device associated withthe institution.

According to yet another aspect, the token is used by the institution toauthorize access to the user account data based on account credentialsassociated with the token.

According to another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: providing a unique identifier associated with the token toa computing device associated with the external application, wherein therequest for user account data includes the unique identifier.

According to yet another aspect, the unique identifier associated withthe token is provided to the computing device associated with theexternal application by at least: providing a public token or key to thecomputing device associated with the external application; receiving,from the computing device associated with the external application,authentication information including the public token or key, a secretkey, and an identifier associated with the external application; andverifying the validity of the authentication information.

According to another aspect, the second computing device is configuredto provide the user account data to the first computing device.

According to yet another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: receiving a request to deauthorize access to the useraccount data by the external application; and in response to the requestto deauthorize access, revoke the token or access to the user accountdata associated with the token.

According to another aspect, the information further includes one ormore permissions.

According to yet another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: in response to receiving the request for user accountdata, determining, based on the one or more permissions, anauthorization of the external application to access the user accountdata.

According to another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: providing the user account data to at least one of: thesecond computing device, or a computing device associated with a trustedthird-party transaction processor.

According to yet another embodiment a computer-implemented method ofproviding user account data is disclosed, the computer-implementedmethod comprising: by one or more hardware processors executing programinstructions: providing, to a first computing device associated with aninstitution, information associated with an authorization request,wherein the information includes at least: account credentialsassociated with one or more user accounts; receiving, from the firstcomputing device, a request for additional information, wherein theadditional information includes at least one of: multi-factorauthentication information, a selection of a user account of a pluralityof user accounts, or an indication of agreement to a document;receiving, from a computing device associated with the institution, atoken associated with the institution, an external application, and atleast one of the one or more user accounts; and providing the token to asecond computing device.

According to an aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: rendering a graphical user interface; and receiving, viathe graphical user interface, the account credentials, wherein theaccount credentials are securely received and provided to the firstcomputing device and are not accessible by the second computing deviceor the third computing device.

According to another aspect, the information further includes at leastone of: an indication of an external application, or an indication of anentity associated with the second computing device.

According to yet another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: receiving, from a third computing device associated withthe external application, user account data associated with the at leastone of the one or more user accounts.

According to another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: receiving, from a computing device associated with atrusted third-party transaction processor, user account data associatedwith the at least one of the one or more user accounts.

According to another embodiment a computer-implemented method ofinteracting with a user account is disclosed, the computer-implementedmethod comprising: by one or more hardware processors executing programinstructions: receiving, from a first computing device, informationassociated with an authorization request, wherein the informationincludes at least: account information associated with a user accountthat is associated with an institution, and an identifier associatedwith an external application; generating at least: an electronic recordof the information, and a token associated with the electronic record;causing at least one of a unique identifier associated with the token orthe token to be provided to a second computing device, wherein thesecond computing device is associated with the external application;receiving, from the second computing device, at least: the at least oneof the unique identifier associated with the token or the token, and arequest to cause a transaction related to the user account to beexecuted; and initiating the transaction via communication with a thirdcomputing device, wherein the third computing device is associated withthe institution or another institution or transaction processor.

According to an aspect, the at least one of the unique identifierassociated with the token or the token is provided to the secondcomputing device via the first computing device.

According to another aspect, the at least one of the unique identifierassociated with the token or the token is provided to the secondcomputing device directly.

According to yet another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: verifying authorization to cause the transaction to beexecuted based on the at least one of the unique identifier associatedwith the token or the token.

According to another aspect, the information further includes one ormore permissions.

According to yet another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: in response to receiving the request to cause thetransaction related to the user account to be executed, determining,based on the one or more permissions, an authorization of the externalapplication to cause the transaction related to the user account to beexecuted.

According to another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: providing an indication to the second computing devicewhether or not there is an authorization of the external application tocause the transaction related to the user account to be executed.

According to yet another aspect, the information further includes atleast one of: an indication of the external application, or anindication of the institution.

According to another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: receiving a request to deauthorize execution oftransactions related to the user account by the external application;and in response to the request to deauthorize execution of transactions,revoking the at least one of the unique identifier associated with thetoken or the token.

According to yet another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: providing an indication to the second computing devicewhether or not execution of the transaction is successful.

According to another aspect, the account information associated with auser account includes at least one of: an account number, or a routingnumber.

According to yet another aspect, the generating is performed in responseto a request received from a computing device associated with theexternal application.

According to yet another embodiment a computer-implemented method ofproviding user account data is disclosed, the computer-implementedmethod comprising: by one or more hardware processors executing programinstructions: receiving, from a first computing device associated withan external application, an authorization request including anindication of a user account; receiving, from a second computing deviceassociated with an institution, information associated with the useraccount held by the institution; providing at least a portion of theinformation associated with the user account to a third computing deviceassociated with a third-party transaction processor; receiving a tokenassociated with the institution, the external application, and the useraccount held by the institution; and providing at least one of a uniqueidentifier associated with the token or the token to a computing deviceassociated with the external application.

According to an aspect, the unique identifier associated with the tokenis provided to the computing device associated with the externalapplication by at least: providing a public token or key to thecomputing device associated with the external application; receiving,from the computing device associated with the external application,authentication information including the public token or key, a secretkey, and an identifier associated with the external application; andverifying the validity of the authentication information.

According to another aspect, the computing device associated with theexternal application is configured to send requests including the atleast one of the unique identifier associated with the token or thetoken to a computing device associated with the third-party transactionprocessor.

According to yet another aspect, the token is received from a computingdevice associated with the third-party transaction processor.

According to another aspect, the token is received from a computingdevice associated with the institution.

According to yet another aspect, the token is generated by a computingdevice associated with the third-party transaction processor based onthe portion of the information associated with the user account.

According to another aspect, the token or information associated withthe token is used by the third-party transaction processor to authorizetransactions related to the user account.

According to yet another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: receiving a request to deauthorize access to the useraccount by the external application; and in response to the request todeauthorize access, cause the token to be revoked or cause access to theuser account associated with the token to be revoked

According to another aspect, the token is further associated with one ormore permissions.

According to yet another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: providing, to a fourth computing device, instructions toprovide account credentials to the second computing device associatedwith the institution, wherein the information associated with theinstitution is received in response to the fourth computing deviceproviding the account credentials to the second computing device.

According to another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: providing, to the fourth computing device, a request foradditional information.

According to yet another aspect, the additional information includes atleast one of: multi-factor authentication information, a selection of auser account of a plurality of user accounts, or an indication ofagreement to a document.

According to another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: receiving, from the fourth computing device, a response tothe request for additional information, wherein the portion of theinformation associated with the user account is not provided to thethird computing device until after the response is received.

According to yet another aspect, the portion of the informationassociated with a user account includes at least one of: an accountnumber, or a routing number.

According to another aspect, the computer-implemented method furthercomprises: by the one or more hardware processors executing programinstructions: requesting, from the second computing device associatedwith the institution, the information associated with the user accountheld by the institution by at least: instantiating a simulated instanceof a software application associated with the institution, wherein: thesimulated instance of the software application is configured tointerface, via an API, with a second computing device that is associatedwith the institution, and the simulated instance of the softwareapplication is configured to appear, from the perspective of the secondcomputing device, to be the software application executing on a physicalcomputing device of a user associated with the user account; andrequesting, by the simulated instance of the software application andvia the API, the information associated with the user account from thesecond computing device.

According to another embodiment a computer-implemented method isdisclosed comprising: by one or more hardware processors executingprogram instructions: receiving, from a first computing deviceassociated with an external application, at least: a request to executea transaction, and account information associated with a user accountthat is associated with an institution; requesting, from a secondcomputing device, at least an indication that the external applicationis authorized to cause the transaction to be executed; receiving, fromthe second computing device, the indication that the externalapplication is authorized to cause the transaction to be executed; andinitiating the transaction in response to receiving the indication.

According to an aspect, a token is also received from the firstcomputing device.

According to another aspect, the token is generated by the secondcomputing device and provided to the first computing device by thesecond computing device.

According to yet another aspect, the token is associated with theaccount information, the external application, and one or morepermissions.

According to another aspect, requesting the indication that the externalapplication is authorized to cause the transaction to be executedincludes sending the token to the second computing device, and whereinthe second computing device compares the request with the permissionsassociated with the token.

According to yet another aspect, the transaction via communication witha third computing device, wherein the third computing device isassociated with the institution or another institution or transactionprocessor.

According to another aspect, the account information includes at leastone of: an account number, or a routing number.

Additional embodiments of the disclosure are described below inreference to the appended claims, which may serve as an additionalsummary of the disclosure.

In various embodiments, systems and/or computer systems are disclosedthat comprise a computer readable storage medium having programinstructions embodied therewith, and one or more processors configuredto execute the program instructions to cause the one or more processorsto perform operations comprising one or more aspects of the above-and/or below-described embodiments (including one or more aspects of theappended claims).

In various embodiments, computer-implemented methods are disclosed inwhich, by one or more processors executing program instructions, one ormore aspects of the above- and/or below-described embodiments (includingone or more aspects of the appended claims) are implemented and/orperformed.

In various embodiments, computer program products comprising a computerreadable storage medium are disclosed, wherein the computer readablestorage medium has program instructions embodied therewith, the programinstructions executable by one or more processors to cause the one ormore processors to perform operations comprising one or more aspects ofthe above- and/or below-described embodiments (including one or moreaspects of the appended claims).

BRIEF DESCRIPTION OF THE DRAWINGS

The following drawings and the associated descriptions are provided toillustrate embodiments of the present disclosure and do not limit thescope of the claims. Aspects and many of the attendant advantages ofthis disclosure will become more readily appreciated as the same becomebetter understood by reference to the following detailed description,when taken in conjunction with the accompanying drawings, wherein:

FIG. 1 is a block diagram illustrating various aspects of a computingsystem and network environment in which the computing system may beimplemented, according to an embodiment;

FIG. 2 illustrates aspects of some example proxy instances, according toan embodiment;

FIG. 3 is a flowchart illustrating an example method of accessing useraccount data, according to an embodiment;

FIG. 4A illustrates aspects of an application proxy system, according toan embodiment;

FIG. 4B illustrates aspects of some example proxy instances, accordingto an embodiment;

FIG. 5 is a flowchart illustrating an example method of processingtransactions, according to an embodiment;

FIG. 6 is a simplified block diagram of the computing system and networkenvironment of FIG. 1, according to an embodiment;

FIGS. 7-8 illustrate examples of API request and response flows of thesystem, according to an embodiment;

FIGS. 9-10 are flowcharts illustrating example methods of processingtransactions, according to various embodiments;

FIG. 11 is a block diagram of an example architecture of the system,according to an embodiment;

FIG. 12 illustrates an example network environment in which apermissions management system may operate, according to an embodiment;

FIGS. 13A-13B and 14-15 are action diagrams illustrating exampleinteractions among the aspects of the network environment, according tovarious embodiments;

FIGS. 16A-16B are flowcharts of example methods of generating a token,according to various embodiments;

FIG. 17 illustrates examples of a token map and a record vault,according to an embodiment;

FIG. 18 is a flowchart of an example method of the system, according toan embodiment; and

FIGS. 19A-19J, and 20A-20C illustrate example interactive userinterfaces of the system, according to various embodiments.

DETAILED DESCRIPTION

Although certain preferred embodiments and examples are disclosed below,inventive subject matter extends beyond the specifically disclosedembodiments to other alternative embodiments and/or uses and tomodifications and equivalents thereof. Thus, the scope of the claimsappended hereto is not limited by any of the particular embodimentsdescribed below. For example, in any method or process disclosed herein,the acts or operations of the method or process may be performed in anysuitable sequence and are not necessarily limited to any particulardisclosed sequence. Various operations may be described as multiplediscrete operations in turn, in a manner that may be helpful inunderstanding certain embodiments; however, the order of descriptionshould not be construed to imply that these operations are orderdependent. Additionally, the structures, systems, and/or devicesdescribed herein may be embodied as integrated components or as separatecomponents. For purposes of comparing various embodiments, certainaspects and advantages of these embodiments are described. Notnecessarily all such aspects or advantages are achieved by anyparticular embodiment. Thus, for example, various embodiments may becarried out in a manner that achieves or optimizes one advantage orgroup of advantages as taught herein without necessarily achieving otheraspects or advantages as may also be taught or suggested herein.

I. Overview

As mentioned above, according to various embodiments systems aredisclosed for securely and efficiently obtaining user account data viainstantiation of virtualized or simulated instances of first-partysoftware applications. For example, the systems of the presentdisclosure include generation of proxy, virtualized, or simulatedinstances of software applications that are configured to interface withexternal systems via public or non-public (e.g., proprietary)application programming interfaces (APIs). The virtualized or simulatedinstances of the software applications may be authenticated with theexternal systems as if the virtualized/simulated instances are actuallyfirst-party software applications executing on a user computing device.Via the public/non-public APIs user account information may be obtainedand processed, such that the data may be normalized and provided toother software systems via a normalized API of the system. Accordingly,the systems of the present disclosure may be significantly moreefficient at obtaining user account data from external systems thanprevious techniques. Further, the user account data may be normalizedand provided via a normalized API, enabling others to efficiently accesssuch data (originally obtained from multiple external systems) from asingle standardized interface in a highly efficient manner.

As also mentioned above, embodiments of the present disclosure alsorelate to systems (e.g., a permissions management system) and techniquesfor enabling a user to securely authorize a third-party system toinitiate transactions related to an account, without disclosing to thethird-party system the account credentials (e.g., an identity of theaccount). Such transactions may include, for example, initiating anelectronic payment, or the like. Further, the systems and techniques ofthe present disclosure may enable the user to securely de-authorize thethird-party system from initiating transactions related to the account.The disclosure includes, in some embodiments, automatic generation ofelectronic records that securely store account information. In someimplementations the electronic records may include one or morepermissions related to the account and the third-party. A token (e.g., aunique identifier associated with the electronic record, also referredto herein as a “unique record identifier”) may be shared with thethird-party system, but neither the electronic record itself, nor theuser account credentials, may be shared with the third-party.Accordingly, the third-party (e.g., a merchant system or a softwareapplication developed by a developer) may request user account dataand/or initiate transactions by providing the token, but does not itselfknow, e.g., account number, etc. Further, in some implementations theuser may set various permissions related to the token/electronic record,and may also revoke permissions associated with the token/electronicrecord (e.g., de-authorize the third-party), thus providing increasedsecurity to the user's account. The disclosure further includes variousinteractive user interfaces to facilitate the above-describedfunctionality.

Various other aspects of the disclosure are described below in detail.

Embodiments of the disclosure will now be described with reference tothe accompanying figures, wherein like numerals refer to like elementsthroughout. The terminology used in the description presented herein isnot intended to be interpreted in any limited or restrictive manner,simply because it is being utilized in conjunction with a detaileddescription of certain specific embodiments of the disclosure.Furthermore, embodiments of the disclosure may include several novelfeatures, no single one of which is solely responsible for its desirableattributes or which is essential to practicing the embodiments of thedisclosure herein described.

II. Definitions

In order to facilitate an understanding of the systems and methodsdiscussed herein, a number of terms are defined below. The terms definedbelow, as well as other terms used herein, should be construed broadlyto include the provided definitions, the ordinary and customary meaningof the terms, and/or any other implied meaning for the respective terms.Thus, the definitions below do not limit the meaning of these terms, butonly provide example definitions.

Permissions Management System (also referred to herein as “the system”):A computing system, the functionality of which is described in detail inthe present disclosure. Functions of the permissions management system(which are described in further detail below) include, but are notlimited to: accessing and/or extracting user account data from externaluser account systems; initiating execution of, or executing,transactions via external user account systems; generating secureelectronic records and tokens (e.g., unique identifiers associated withthe electronic records) based on user account data; enablingpermissioning of access to, and execution of transactions on, useraccounts on the user account systems; enabling revocation of permissionsfor, or de-authorization of, access to user accounts on the user accountsystems; and/or enabling revocation of permissions for, orde-authorization of, rights to execute transactions via user accounts onthe user account systems. One or more of these functionalities may beimplemented via the permissions management system, as described below,and may be accessible to customers via a standardized applicationprogramming interface (API). Accordingly, a customer may access any ofthe functionality of the permissions management system (including, e.g.,accessing user account data, permissioning access to user account data,etc.), via the standardized application programming interface (API).

External User Account System: A computing system or service of anexternal institution. For ease of description, general references hereinto external institutions (or more simply “institutions”) may beunderstood to refer to the external user account systems of thoseinstitutions. Accordingly, external user account systems may also bereferred to herein as “external institution system,” “external banksystems,” “bank systems,” “banks,” “institutions,” “external services,”and/or the like. As described below, external user account systems mayprovide public and/or non-public (e.g., proprietary) applicationprogramming interfaces (APIs) by which user account data may be accessedby first-party software applications (e.g., mobile device softwareapplications) of the external institutions. However, as furtherdescribed below, the system of the present disclosure may enable accessto user account data via such public/non-public APIs of the externaluser account systems by, e.g., instantiating virtual and/or proxyinstances of the first-party software applications of the externalinstitutions. External user accounts may also be referred to herein as“user accounts.”

External Institution: An entity that maintains a user account. Examplesof external institutions (also referred to herein as “institutions”)include, but are not limited to, banks, credit card providers,investment services, loan providers, and/or other suitable financialinstitutions or user account holding institutions.

Application Programming Interface (API): A set of routines, protocols,and/or tools for building a software application. Generally an APIdefines a standardized set of operations, inputs, outputs, andunderlying types, such that functionality is accessible via the API inan efficient way. The system provides an API by which a customer mayaccess any of the functionality of the system, as described herein.Accordingly, the system advantageously abstracts away (from a customer'sperspective), much of the complexity that may be involved in thefunctionality of the system, and enables the customer to quickly andefficiently leverage the functionality of the system to build othersystems and services.

Customer: One who makes use of the API of the system to accessfunctionality of the system in a software application of the customer,as described herein. Customers of the system may include, but are notlimited to, software developers (who may be developing, e.g., a softwareapplication such as a store, or mobile app), third-party processors(e.g., third-party payment processors), external institutions,merchants, and/or the like.

External User-Facing System/Application: A software application and/orcomputing system of a customer (e.g., developed by a customer) thatinteracts with the system via the API of the system. Examples ofexternal user-facing systems/applications include, but are not limitedto, desktop software applications, mobile device software applications,server software applications, and/or the like. In general, externaluser-facing systems/applications provide goods or services to a user. Insome instances, for ease of description, such software applications maybe referred to herein as “apps.” Additionally, external user-facingsystems/applications may also be referred to herein as “developersystems,” “developer computing devices,” and/or the like. Examples ofexternal user-facing systems/applications include apps for paymentprocessing, account data review/analysis, budgeting, account monitoring,providing recommendations for savings, etc.

Third-Party Processor: An entity that processes transactions, e.g.,financial transactions for a merchant. When provided with accountinformation (e.g., credit/debit card information, bank accountinformation, etc.) and payment information (e.g., how much to pay, towhom, and when, etc.), executes and processes a transaction. In someimplementations, the system may interact with one or more third-partyprocessor systems to execute and/or process payments. Alternatively, thesystem may include functionality to process transactions, and thus mayeffectively act as its own “third-party” processor (thus, “third-party”is somewhat of a misnomer in this context, but the term “third-party” isused in the present disclosure for clarity purposes). Third-partyprocessors may be referred to herein as “trusted” third-partyprocessors, because in some implementations the third-party processor isentrusted with user account data that, for example, an externaluser-facing system/application is not. Third-party processors may bereferred to herein as “third-party transaction processors.” As usedherein, the term “transactions” may include any of various types ofactivities related to accounts, including but not limited to: financialtransactions (e.g., ACH transfers, credit card transactions, debit cardtransactions, other types of payments or money transfers, etc.),updating account information, setting up alerts, etc. The system mayadditionally enable various other types of activities (e.g., updatingaccount information, requesting services, etc.) that in some instancesmay be referred to herein as executing transactions, and/or the like.

User: A holder of a user account at an external institution. In general,a user maintains account credentials for accessing their user account,and provides authorizations and/or de-authorizations for an externaluser-facing system/application of a customer (e.g., an “app” of adeveloper) to limitedly and securely access the user account (e.g., toinitiate payments for goods or services). Such authorizations and/orde-authorizations (among other functionality) are enabled by the systemand via the API of the system, as described herein. Advantageously,according to some embodiments, the user's account credentials are neveraccessible to the external user-facing system/application. Rather, thesystem may securely enable the user to indicate authorizations and/orde-authorizations, without revealing the account credentials outside ofthe system (and/or trusted entities of the system, such as a trustedthird-party processor).

User Input (also referred to as “input.”): A person's (e.g., a user orcustomer) interactions with a computing system, such as any type ofinput provided by a user/customer that is intended to be received and/orstored by the system, to cause an update to data that is displayedand/or stored by the system, to cause an update to the way that data isdisplayed and/or stored by the system, and/or the like. Non-limitingexamples of such user inputs include keyboard inputs, mouse inputs,digital pen inputs, voice inputs, finger touch inputs (e.g., via touchsensitive display), gesture inputs (e.g., hand movements, fingermovements, arm movements, movements of any other appendage, and/or bodymovements), and/or the like. Additionally, user inputs to the system mayinclude inputs via tools and/or other objects manipulated by the user.For example, the user may move an object, such as a tool, stylus, orwand, to provide inputs. Further, user inputs may include motion,position, rotation, angle, alignment, orientation, configuration (e.g.,fist, hand flat, one finger extended, etc.), and/or the like. Forexample, user inputs may comprise a position, orientation, and/or motionof a hand and/or a 3D mouse.

Data Store: Any computer readable storage medium and/or device (orcollection of data storage mediums and/or devices). Examples of datastores include, but are not limited to, optical disks (e.g., CD-ROM,DVD-ROM, etc.), magnetic disks (e.g., hard disks, floppy disks, etc.),memory circuits (e.g., solid state drives, random-access memory (RAM),etc.), and/or the like. Another example of a data store is a hostedstorage environment that includes a collection of physical data storagedevices that may be remotely accessible and may be rapidly provisionedas needed (commonly referred to as “cloud” storage).

Database: Any data structure (and/or combinations of multiple datastructures) for storing and/or organizing data, including, but notlimited to, relational databases (e.g., Oracle databases, mySQLdatabases, etc.), non-relational databases (e.g., NoSQL databases,etc.), in-memory databases, spreadsheets, as comma separated values(CSV) files, eXtendible markup language (XML) files, TeXT (TXT) files,flat files, spreadsheet files, and/or any other widely used orproprietary format for data storage. Databases are typically stored inone or more data stores. Accordingly, each database referred to herein(e.g., in the description herein and/or the figures of the presentapplication) is to be understood as being stored in one or more datastores.

III. Example Systems and Methods for Programmatically Accessing UserAccount Data

FIG. 1 illustrates certain aspects of a computing system 100 (e.g., thesystem) that may access user account data from one or more external useraccount systems. The system 100 may include an application programminginterface (API) service 110, an application proxy system 120, and atleast one institution interface module (e.g., modules 131, 132, and133). The system functions to provide programmatic access to one or moreexternal user account systems (e.g., external user account systems 141,142, and 143) that lack exposed programmatic access. The external useraccount systems may comprise proprietary and external financial services(e.g., financial institution services, among others, as describedabove). Such institutions may have first party software applications(e.g., mobile applications) that enable users to access user accountdata/information from a mobile or desktop device. Such first partyapplications commonly use proprietary or customized applicationprogramming interfaces (API) (e.g., APIs 161, 162, and 163). These APIsare commonly not public and not exposed. For example, a developer iscommonly prevented from registering an account and using an open APIauthentication approach to arbitrarily access the API resources of suchexternal user account systems. Additionally, the APIs (e.g., APIs 161,162, and 163) of the external user account systems are a non-trivialcustomized interface protocols that may not be shared with otherinstitutions; e.g., each external user account system conforms to itsown interface.

The system 100 functions to provide a normalized interface (e.g., APIservice 110) to the one or more external user account systems (e.g.,external user account systems 141, 142, and 143). The system 100 enablesaccess to a user account within an external user account system byleveraging the application proxy system 120. A virtualized “image” ordigital simulation of an application instance is maintained in theapplication proxy system 120 and used to access the unexposed API (e.g.,APIs 161, 162, and 163) of the external user account system. While thesystem may be applied to financial institutions, the system mayadditionally or alternatively be applied to providing API access toother external systems with closed or limited API access.

The API 110 of the system functions to provide a normalized customerfacing interface. The API 110 may be normalized in the sense that theunderlying non-public (or public) API to the external user accountsystem (e.g., external user account systems 141, 142, and 143) that actsas the source of the user account data is abstracted away, and the API110 to various different external user account systems is substantiallystandardized. In some variations, various aspects of the API 110 may belimited when interfacing with external user account systems. Forexample, one institution may not support a feature such as digital checkdeposit, while a second institution does. In this case, the API 110 maydefine the API such that the API feature for check deposit is preventedfor the first institution. The system 100, and more specifically the API110, may be used to provide an accessible API service to customers,e.g., outside developers. As such, the system 100 is may be amulti-tenant system that allows numerous accounts to share use of thesystem 100. The system 100 and more particularly the API 110 mayalternatively be a single tenant system. For example, the system may beused as an internal system to a website providing an online financialmanagement product.

The API service 110 may be a RESTful API, but may alternatively be anysuitable API such as SOAP or custom protocol. The RESTful API worksaccording to an HTTP request and response model. HTTP requests (or anysuitable request communication) to the system 100 may observe theprinciples of a RESTful design. RESTful is understood in this documentto describe a Representational State Transfer architecture as is knownin the art. The RESTful HTTP requests may be stateless, thus eachmessage communicated contains all necessary information for processingthe request and generating a response. The API service 110 can includevarious resources which act as endpoints which act as a mechanism forspecifying requested information or requesting particular actions. Theresources can be expressed as URI's or resource paths. The RESTful APIresources can additionally be responsive to different types of HTTPmethods such as GET, PUT, POST and/or DELETE.

The API service 110 can provide an interface into a variety ofinformation and action resources, as provided by the system 100.Information/data relating to a user account may be accessible throughquerying particular API resources via the API 110. For example, a listof transactions and information about each individual transaction may beaccessible through different API calls of the API 110. Information canadditionally relate to account summary information, account details suchas address and contact information, information about other parties suchas the entities involved in a transaction, and/or any suitableinformation. The API 110 may additionally be used to trigger orfacilitate performing some action. For example, an API call may be usedin transferring money, updating account information, setting up alerts,or performing any suitable action. Those skilled in the art willappreciate that such example API features that any suitable API featurepossibilities and semantic architecture may be used.

In one example implementation, an API call via the API 110 can supportadding a user, completing authentication, accessing transactioninformation, and other actions. For example, an application may POST toa “/connect” REST API resource of the API 110 to authenticate a user; ifan institution includes multi-factor authentication, then a“/connect/step” resource can be submitted to complete multi-factorauthentication credentials; and then performing a GET on the “/connect”resource can access transactional data related to the user/user'saccount. The API 110 may additionally include informational resources toaccess information about entities involved in transactions. For example,the API 110 may allow a particular business resource to be accessed toobtain contextual information about the business such as name, location,and classification.

The application proxy system 120 functions to manage a simulation of afirst-party software application access to an institution. Theapplication proxy system 120 operates in cooperation with one or moreinstitution interface modules (e.g., institution interface modules 131,132, and 133) to establish a data model and/or a data image that acts asa virtualized or simulated application instance (also referred to hereinas an “application proxy instance,” “proxy instance,” “virtualizedinstance,” “simulated instance,” and/or the like) (e.g., proxy instances121, 122, and 123). From the perspective of the institution, the proxyinstance (e.g., proxy instances 121, 122, and 123) appears as afirst-party application (e.g., Bank 2 application 153) installed on aphysical user device (e.g., user devices 171 and 172) that is being usedby a user. In other words, the requests received from the proxy instanceare treated like requests from a first-party mobile app, desktop app, orweb-based application of the user. The application proxy system 120 maystore and maintain a plurality of application proxy instances (e.g.,proxy instances 121, 122, and 123). The proxy instances may includeconfiguration settings and properties that, when used according to adefined institution interface (e.g., an institution interface of aninstitution interface module 131, 132, and/or 133), will appear asrequests from first-party applications (e.g., application 153) of theinstitution (e.g., institution 141, 142, and/or 143). A different proxyinstance may be created and maintained for each user account-institutionpair. A given user may have multiple user accounts with differentinstitutions. A proxy instance may include a set of properties that canbe used to authenticate the proxy instance with the institution system(e.g., institution 141, 142, and/or 143). The application proxy system120 provides a method to programmatically create a proxy instance for auser. The user may provide some account credentials that can be used inan initial registration of the proxy instance with the non-public orpublic API of the institution. The proxy instance may be characterizedas a set of properties that can be stored and maintained. Some of thoseproperties may be automatically generated, may be provided from theinstitution during negotiating registration, may be properties of theapplication that is being simulated, and/or may include any suitableidentifying and authenticating information. The properties may include aunique user identifier code, an authentication token, a MAC address(e.g., a MAC address of a user device 171 or 172), or any suitableinformation. When a request is made to a bank on behalf of a user, theproperties of the proxy instance may be invoked to gain access to theinstitution on behalf of the associated user.

FIG. 2 depicts example proxy instances 121, 122, and 123 of FIG. 1. Asshown in FIG. 2, User A has accounts in Bank 1 and Bank 2, and User Bhas accounts in Bank 2. As shown in FIG. 2, each proxy instance includesaccount credentials and properties.

An institution interface module (e.g., one of institution interfacemodules 131, 132, or 133) functions to model the internal interface(e.g., interaction with one of APIs 161, 162, or 163) of at least oneapplication (e.g., the application 153) with an external institution(e.g., one of institutions 141, 142, or 143). An institution interfacemodule may be established for each institution with which the system 100can interface. For example, an institution interface module may existfor each bank and/or credit card company that is available in thesystem. The institution interface module may include a set of rules andprocesses of a particular institution. The institution interface modulemay include a proxy sub-module that defines how the institutionrecognizes and/or authenticates a particular application. Some banks maydepend on the MAC address of a device (e.g., a MAC address of userdevices 171 and/or 172), some may depend on asymmetric cryptographytokens, and others may generate encrypted tokens. The proxy sub-moduleis used in establishing the proxy instance information. The institutioninterface module can additionally include institution protocolsub-module, which defines a mapping between provided API 110functionality and the form and mode of communication with the externalinstitution (e.g., institutions 141, 142, or 143). The institutionprotocol sub-module can define the headers, body, and other propertiesof messages sent to the associated institution. The protocol sub-modulemay additionally define how data should be processed to form thatmessage. In some cases, the data may be encrypted in a standard orproprietary format, which the protocol sub-module can define.Additionally, the protocol sub-module can define the communication flowto fulfill a request. In some cases, multiple requests may need to bemade to complete a request objective. Other aspects of interacting withan interface (e.g., APIs 161, 162, and/or 163) of an externalinstitution (e.g., institutions 141, 142, and/or 143) may additionallybe built into the institution interface module such as multi-factorauthentication rules.

An institution interface module may be constructed based on use of anactual first-party application (e.g., the application 153). For example,communication of, and/or source code of, the first-party application canbe parsed and analyzed to establish some or all of an institutioninterface module. In some implementations, source code of a first-partyapplication (e.g., the application 153) of an external institution isparsed and analyzed to establish some or all of an institution interfacemodule for the external institution. In some implementations,communication between an external institution and a first-partyapplication (e.g. the application 153) of the external institution isparsed and analyzed to establish some or all of an institution interfacemodule for the external institution.

FIG. 3 is a flowchart illustrating an example method of accessing useraccount data, according to an embodiment. As shown in FIG. 3, the methodcan include creating an application proxy instance (block 310),optionally setting up a communication session through the proxy instance(block 320), receiving a normalized account request (block 330),negotiating communication with an external interface through a proxyinstance (block 340), and returning results (block 350). The methodfunctions to provide programmatic access to one or more externalservices (e.g., external user account systems of external institutions)that lack exposed programmatic access. The external services may benon-public (e.g., proprietary) or public. The external services can beprovided by external institutions, as described above. Such institutionsmay have first-party applications that enable users to access useraccount information via a mobile or desktop application. Suchfirst-party applications may use a proprietary or customized API (e.g.,API 161, 162, and/or 163) of the external institution. Such APIs arecommonly not public and not exposed. For example, a developer iscommonly prevented from registering an account and using an open APIauthentication approach to arbitrarily access the API resources ofexternal institutions. Additionally, such APIs are non-trivialcustomized interface protocols that are not shared with otherinstitutions, e.g., each institution conforms to its own interface. Themethod can additionally provide a normalized interface to a plurality ofexternal services (e.g., external institutions 141, 142, and/or 143).The method enables a programmatic interface into an account within aninstitution by leveraging an application proxy approach. A virtualized“image” or digital simulation of an application instance is maintainedin the application proxy system 120 and used to access the unexposed API(e.g., API 161, 162, and/or 163) of the institution. While the system100 may be applied to financial institutions, the system 100 mayadditionally or alternatively be applied to providing API access to anyother external entities with closed or limited API access. The methodmay be implemented through the system 100 as described above, but mayalternatively be implemented by any suitable system.

At block 310, which includes creating an application proxy instance(e.g., an application proxy instance 121, 122, and/or 123), the system100 functions to establish a digital image of a first-party applicationinstance (e.g., the application instance 153) for a selected institution(e.g., the Bank 2 142). Creating an application proxy instances may beinitiated in response to receiving an initial request. The initialrequest may be initiated by a user (or entity) (e.g., User A or User B)interacting with an external user-facing system/application (e.g.,application instances 151 and/or 152, executing on either of userdevices 171 or 172 and/or another suitable device, and/or furtherexecuting on another system of the application instances 151, 152) of acustomer (e.g., a developer). The external user-facingsystem/application may then send the initial request to the system 100.The user (e.g., User A and/or User B) may have a user account with theexternal institution (e.g., an online bank account). An applicationproxy instance (e.g., one of proxy instances 121, 122, and/or 123) canbe created during the initial registration or at a later time, whichwill provide access to account information of the external institution.Once created, the application proxy instance of that user can bepersisted and used at a later time for that given user-institutioncombination (e.g., “User A-Bank 1”, “User A-Bank 2”, “User B-Bank 2”).However, a new proxy instance may be created when the proxy instancebecomes invalid (e.g., as a result of institution API changes,password/login changes made within the institution, and/or other changesto invalidate a proxy instance). The initial request may be receivedthrough a normalized API (e.g., API 110) as a connection request. Theconnection request may be accompanied by parameters that specify aselected institution (if there are multiple institution options) anduser credentials for the institution. The user credentials may include ausername, password, pin code, and/or any suitable credentials. The APIrequest may additionally include authentication credentials such as aclient identifier and secret token that is associated with the accountin the system.

Creating a proxy instance may include negotiating registration of theproxy instance with the institution, which functions to establish theproxy instance with the selected external institution. An institutioninterface module (e.g., one of the modules 131, 132, or 133) mayfacilitate navigating the communication handshaking during the initiallogin. Different institutions may have different processes to registeror enroll a new application (which in the method is a proxy instance)such as multi-factor authentication. During the negotiation, variouselements may be extracted and stored as part of the proxy instance.Similarly, some properties may be generated based on communication withthe institution. For example, a MAC address or a unique deviceidentifier may be used in connecting to the services of the externalinstitution. Such properties may be stored as part of the proxyinstance.

As mentioned above, multifactor authentication (MFA) may be part ofnegotiating with an external institution. For example, an externalinstitution may respond with indication of a MFA credential requirement.Such MFA requirements may be fulfilled by relaying the MFAchallenge/task up to a user. In one implementation, the system 100receives a message indicating that a security question should be askedto complete the negotiation. The security question is passed back to theassociated application (e.g., applications 151 and/or 152, which may beoperated by a customer/developer account of the system 100). Then, theassociated application may present the security question in some mannerto obtain the user response. The MFA can include security questions,additional pin codes (such as those supplied by a one-time passwordgenerator or a code transmitted to a secondary device), or any suitableform of MFA.

At block 330, the system receives a normalized account request via theAPI 110 of the system 100. As mentioned above, the syntax and mode ofcommunicating an API request is normalized such that the format isindependent of the institution. The requests can include a variety oftypes of requests which may include: obtaining a list of transactions;requesting details on a particular transaction; performing somefinancial transfer (moving money from savings to checking, setting uptransfer to another account, making scheduled payments, digital depositof a check, and/or the like), updating account information (e.g.,updating contact information, changing password, manage alerts, and/orthe like), requesting services (e.g., new cards, reporting fraud, and/orthe like), and/or the like. A normalized account request may be mappedto an institution interface module (e.g., one of the institutioninterface modules 131, 132, or 133) or other suitable component thatdefines communication to fulfill the API request.

At block 340, which includes negotiating communication with an externalinterface (e.g., one of APIs 161, 162, and/or 163) through a proxyinstance (e.g., one of the proxy instances 121, 122, and/or 123), thesystem 100 functions to execute and manage communication between thesystem and an external institution system (e.g., one of systems 141,142, and/or 143) when fulfilling an account request. The proxy instance(e.g., one of the proxy instances 121, 122, and/or 123) provides amechanism through which access may be granted. The communication isexecuted while an authenticated session is active. Communicationsessions may be expired by the system 100 or the external institutionfor various reasons, such as remaining inactive for a set amount oftime. A communication session may be active subsequent to enrolling aproxy instance or may require setting up a session through the proxyinstance as described below.

Negotiating communication may include creating requests that conform toexpected messages of the external institution. This can include settingheaders, body contents, and other message properties. An institution mayexpect particular headers. For example, the headers may include a hostor path, a data, content type, cookies, MAC address, a user identifier,authorization properties, and/or other suitable headers. Creatingrequests can additionally include transforming request properties intoan expected form, which may include applying a set encryption pattern toa request. In one variation, transforming the request involvesencrypting content according to a public key, wherein the public key maybe stored as part of the proxy instance. The institutions may takevarying approaches to how information is communicated. In an alternativeinstitution, the contents of a message may be unencrypted, in whichcase, the contents may be submitted in a plaintext, unencrypted form. Inaddition to creating requests that conform to expected messages of theexternal institution, the method can include following arequest-response pattern. That pattern can involve a single request andresponse, but may alternatively include a sequence of different requestand responses to obtain desired information.

In some variations, information or actions may not be available throughthe first proxy instance and so the method may include automaticallyswitching to a second proxy instance with supported functionality. Forexample, full bank statements may not be available in a mobileapplication, and the institution API (e.g., one of APIs 161, 162, and/or163) may not include such functionality. Accordingly, when thatfunctionality is required to fulfill an API request of the API 110, thena second proxy interface may be used. In some variations, an API requestvia the API 110 may require multiple institutions to be queried. Such anAPI request may be particularly useful for summarizing financialstatements across multiple accounts. The method can include negotiatingcommunication for multiple institutions and combining results into acombined form.

At block 350, which includes returning results, the system 100 functionsto deliver the results as a response to the request. Returning theresults includes transforming the data obtained from the externalinstitution into a normalized form. The information is formatted into astandardized format that is substantially similar in representationbetween different institutions served by the system 100. Transformingthe data can additionally include processing, supplementing, and/orotherwise enhancing information. Some information provided by aninstitution may be poorly formed. For example, store information for aparticular transaction may be poorly labeled and may be representeddifferent from other institutions. Such contextual information aboutexternal entities can be cleaned and/or supplemented with additionalinformation. For example, an entity may be supplemented with categoricallabels, tags, geolocation information, and/or other suitableinformation. The returned results can be represented data format such asJSON, XML, or any suitable format.

The method can additionally optionally include block 320, which includessetting up a session through a proxy instance that was previouslycreated, and functions to facilitate accessing information afternegotiating a proxy instance for an account and institution. The proxyinstance may store and maintain information required for subsequentaccess. The external institutions may restrict access to set sessions,which may expire after some amount of time or may require reconfirminguser credentials. Thus, when an API request for an account occurs aftera communication session has expired, then the method may automaticallyset up a new session using the previous user credentials and proxyinstance credentials. In some variations, MFA challenges, such assecurity questions, may be automatically completed.

The method can additionally include re-capturing updated credentials,which functions to update user credentials for an institution. Updatedcredentials may be updated when a user changes them within theinstitution or when the proxy instance is otherwise locked out of theaccount. An error may occur indicating that a communication session wasnot successful, and then an API request can be submitted to update aproxy instance with new credentials.

Referring again to FIG. 1, in some implementations external user accountsystem of the external institutions may include public web browserinterfaces. For example, as shown in FIG. 1, the bank 1 system 141 mayinclude a web browser interface 191 for accessing the bank 1 system 141via a web browser (or any suitable web client) (e.g., web browser 181 ofthe user device 173). As described herein and further below in referenceto FIGS. 6 and 7, the system 100 provides access to the user accountdata via private, proprietary APIs (e.g., API 161) of externalinstitutions, as opposed to access via a public web browser interface191. In some implementations, the web browser interface 191 is a webserver that hosts a web site for access of the external institutionsystem via a web browser over the Internet.

FIG. 4A illustrates aspects of the application proxy system 120,according to an embodiment. As shown in FIG. 4A, the application proxysystem 120 includes application proxy instances (e.g., proxy instances421, 422, 423, 424, and 425) for user accounts (e.g., user accounts 411,412 and 413) of developer accounts (e.g., Dev Account B 431 and DevAccount A 432) at the system 100. The application proxy system 120includes an application proxy instance management module 441 that isconstructed to generate application proxy instances, configureapplication proxy instances, remove application proxy instances, and/orthe like.

In some implementations, each application proxy instance (e.g., proxyinstances 421, 422, 423, 424, and/or 425), specifies a developeraccount, a user account of the developer account, an associated externaluser account system (e.g., an external institution), and credentials ofthe user account for the external institution, as shown in FIG. 4B. Insome implementations, each application proxy instance specifiesproperties of the application proxy instance. In some implementations,properties include one or more of a unique user identifier code, anauthentication token, a MAC address (e.g., a MAC address of a userdevice 171 and/or 172), or any suitable information.

In some implementations, the application proxy instance managementmodule 441 creates the application proxy instance responsive to arequest to create an application proxy instance. In someimplementations, the request to create an application proxy instancespecifies information identifying an external user account system, and auser account of an external user-facing system/application (e.g., a useraccount of the external user-facing system/application 152 of FIG. 1).In some implementations, the request to create an application proxyinstance specifies user credentials for the external user accountsystem. In some implementations, the request to create an applicationproxy instance specifies information identifying an account of thesystem 100 associated with the external user-facing systems/application.In some implementations, the request to create an application proxyinstance specifies properties for the application proxy instance. Insome implementations, properties for the application proxy instanceinclude at least one of a unique user identifier code, an authenticationtoken, a MAC address, user accounts of the corresponding external useraccount system, and/or any other suitable information.

In some implementations, the application proxy instance managementmodule 441 stores the created application proxy instance in associationwith a user account (e.g., “User A” 411 of FIGS. 4A and 4B) of anexternal user-facing system/application (e.g., a user account of theexternal user-facing system/application 152 of FIG. 1). In someimplementations, the application proxy instance management module 441stores the created application proxy instance in association with anaccount (e.g., “Dev Account B” 431 of FIGS. 4A and 4B) of the system 100associated with an external user-facing system/application (e.g., a useraccount of the external user-facing system/application 152 of FIG. 1).In some implementations, the application proxy instance managementmodule 441 stores the created application proxy instance (e.g., “ProxyInstance User A Bank 1” 421 of FIGS. 4A and 4B) in association with anaccount (e.g., “Dev Account B” 431) of the system 100 associated with anexternal user-facing systems/application, and a user account (e.g.,“User A” 411) of the external user-facing systems/application. In someimplementations, the application proxy instance management module 441stores the created application proxy instance in association with anaccount of the system 100 associated with an external user-facingsystems/application, a user account of the external user-facingsystems/application, and information identifying the external useraccount system (e.g., “Bank 1 141” of FIG. 4B) of the application proxyinstance. In some implementations, the application proxy instancemanagement module 441 stores the created application proxy instance inassociation with an account of the system 100 associated with anexternal user-facing systems/application, a user account of the externaluser-facing systems/application, information identifying the externaluser account system of the application proxy instance, and informationidentifying user accounts of the application proxy instance.

In some implementations, creating the application proxy instanceincludes controlling the application proxy instance management module441 to construct the application proxy instance to simulatecommunication, register, negotiate registration, and/or the like, of anapplication (e.g., application 153 of FIG. 1) (of the external useraccount system of the application proxy instance) with the external useraccount system on behalf of the user account (e.g., “User A”, “User B”)of the application system.

Additional examples and details of accessing user account data via proxyinstances of the system may be found in U.S. patent application Ser. No.14/790,840, filed Jul. 2, 2015, and titled “SYSTEM AND METHOD FORPROGRAMMATICALLY ACCESSING FINANCIAL DATA” (referred to herein as “the'840 application”). The entire disclosure of this application is herebymade part of this specification as if set forth fully herein andincorporated by reference for all purposes, for all that it contains.

As mentioned above, the system 100 may also be used, via the API 110, toaccess various types of user account data, including documents (such asstatements). The system 100 may also be used, via the API 110, toinitiate transactions (such as a transfer of funds between accounts,schedule payments, etc.). The system 100 may also be used, via the API110, to update account information or request services. Additionalexamples and details of such functionality of the system is providedbelow, and may also be found in the '840 application.

IV. Example Systems and Methods for Programmatically VerifyingTransactions

FIG. 5 is a flowchart illustrating an example method of processingtransactions, according to an embodiment. As shown in FIG. 5, the methodcan include acquiring user account (also referred to herein as“institution account”) credentials (block 510), receiving a transactionrequest associated with at least one endpoint (block 520), collectingtransaction information of the endpoint (block 530), and returning atransaction response (block 540). In some embodiments, the method canoptionally include executing the transaction (block 550), whichfunctions to process the transaction between two endpoints. In someembodiments, the method does not perform execution of the transaction,receiving the transaction request functions to initiate the retrieval oftransaction addressing information of the at least one endpoint,collecting transaction information of the endpoint includes collectingtransaction addressing information of the endpoint, and returning atransaction response functions to transmit the collected transactionaddressing information of the endpoint. The method functions to leverageaccount access during the transaction process. Variations of the methodcan be used to add functionality such as verifying account informationused in financial transfers, programmatically transferring funds,setting programmatic events, catching errors and fraud, performingconditional processing of a transaction, and/or other suitableoperations. The method may be performed by the system 100. In someimplementations, the transactions are automated clearing house (ACH)transactions, but any suitable type of transaction may be used. In afirst implementation, the method enables a customer/developer, via theAPI 110, to obtain verified ACH endpoint information. For example, anaccount number and a routing number may be obtained, as well asverification of ownership of the account. In this variation, the system100 provides the information to execute the transaction. In anotherembodiment, the method additionally executes the transaction havingobtaining the required information and verification. The method of FIG.5 may be implemented by the system 100, but the method may alternativelybe implemented by any suitable system.

FIG. 6 is a simplified block diagram of the computing system and networkenvironment of FIG. 1, according to an embodiment. The method of FIG. 5is described below in reference to certain aspects of FIG. 6 (or,alternatively, FIG. 1)

At block 510, which includes acquiring institution account credentials,the system 100 functions to obtain login information for an institution(e.g., the institution 142). The institution account credentials mayinclude a username and password. The account may be an account of anexternal institution. Additionally, an institution may includeadditionally authentication challenges such as a pin code, securityquestions, single-use passwords, secondary device code verification,biometric identification, and/or any suitable form of multi-factorauthentication (MFA), as described above. Such additional authenticationchallenges may be collected at the same time of the account credentials,but the MFA authentication process may alternatively be defined in theAPI protocol. For example, if the primary account credentials are notsufficient, the MFA challenge may returned in a response, thisadditional credential request can be repeated as required before accessto the account is obtained. The institution account credentials canadditionally be stored, and automatically used to complete subsequentaccess or login attempts.

The account credentials may be provided through an API request of acustomer/developer or application of the customer/developer to the API110. The API 110 may be used in establishing, setting up, or enrolling anew user account. One user may have at least one associated user accountat an external institution, but may be linked or associated withmultiple user accounts at multiple external institutions. Accountcredentials may be obtained for each user account.

At block 520, which includes receiving a transaction request associatedwith at least one endpoint, the system 100 functions to initiate theretrieval of transaction addressing information of an endpoint. Theendpoint may be a transaction endpoint, which may be any suitableendpoint from which funds may be withdrawn or deposited. In a commontransaction, there is a single withdrawal account and a single depositaccount. The method can be used in obtaining information for one or moreendpoints. In some variations, there may be a plurality of withdrawaland/or deposit accounts. In one variation, the transaction request isidentical to an enroll user request used to obtain the user credentialsof block 510. The account credentials may alternatively be previouslyobtained or obtained in response to the transaction request.

In one variation, in which the transaction request is for informationabout an account, the API request may specify an institution and accountcredentials. Additional credentials may additionally be required such asa pin code, state in which an account was created, or MFA challengeanswers. A second request with similar parameters may be submitted toobtain the account credentials for other involved transaction endpoints.

In another variation, the transaction request may explicitly define thetransaction details. The transaction request may include at least onewithdrawal account endpoint and deposit account endpoint. Accountcredentials may be specified for each endpoint. In one variation, asingle API request may include account credentials for both endpoints.In another variation, a transaction resource is used, such thatwithdrawal endpoint information, deposit account information, andtransaction details can be specified asynchronous. For example, atransaction resource is created through an API request via API 110.Later, an API request hits the new transaction resource (by specifying atransaction identifier) to specify withdrawal information, then depositinformation, and then the amount to be transferred. Once all theinformation is populated, the transaction may be executed eitherautomatically, in response to an executed command, or scheduled for alater time. Bulk, aggregate, or group transactions may additionally bespecified in a request. If multiple entities are withdrawal endpoints,then the division of funds may be specified (e.g., a percentagebreakdown or amount breakdown). Similarly, funds for multiple depositendpoints may be specified.

At block 520, which includes collecting transaction information of theendpoint, the system 100 functions to access and determine properties ofa transaction endpoint. Collecting transaction information of theendpoint may involve using the account credentials to gain accountaccess in an institution. The account access may be facilitated by usinga proxy application, as described above. The account access can be usedto request and obtain account documents that include endpointinformation. The account documents may include bank statements or othersuitable documents. If the documents are in PDF or other alternativeformats, the content may be scraped to identify transaction information.

At block 530, the system 100 collects transaction information and/ortransaction addressing information of the endpoint. The accountaddressing information may be the account number and the routing numberof an account. Billing address, wire routing number, and/or otheraccount information can additionally be pulled. In one variation, theaccount number and routing number are available in banking statements.An extraction script may be used to pull the document and then isolatethe information from the document. Accessing the account number and therouting number in an automated fashion may avoid chances of error. As afirst benefit, access to the account provides evidence that the owner ofthe account participated in providing the transaction endpointinformation. As another benefit, the information is automaticallypulled, which avoids human error.

Collecting transaction information of the endpoint, at block 530, mayadditionally include collecting transaction status information of theendpoint, which can include indication of fund requirements, accountfraud checks, and other status information. Various stages can be builtinto providing the transaction information, which provide differentsafeguards and/or features into financial transactions.

In a first optional stage, the transaction status information candetermine a sufficient funds status. The sufficient funds status may beapplied to a withdrawal account to ensure that the account has funds tocomplete the transaction. Transaction history and/or current fund valuemay be accessed through the account access. In one variation, the fundamount is returned in the response such that thecustomer/developer/application can respond appropriately. In anothervariation, the transaction amount is compared to available funds. Ifsufficient funds are not found, then an error or warning may be raised.

In another optional stage, the account may be processed for fraudpatterns. For example, the age of the account may be accessed. Newlycreated accounts may be less trustworthy than established accounts withsignificant history. Similarly transaction history may be assessed forfraudulent behavior. If the account is used for a diverse range oftransactions indicative of normal behavior then the account may beidentified as normal. If the account only participates in repeated highvalue transactions or other fraud patterns, then the account may beflagged as fraudulent. Additionally, the entities involved in thetransaction may be indicative of fraud.

The method may additionally include verifying transaction conditionsduring one or more stages. Transaction conditions may be used to takeany suitable action. The available actions can include permitting atransaction or preventing a transaction. Additionally, the action caninclude sending a notification. The notification can include an email,text message, a platform message, a phone call, or any suitablenotification. The action may additionally include triggering aprogrammatic event. In one variation the programmatic event is acallback event, wherein an HTTP message is sent to a destination.Conditions may be customized or selected from a set of providedconditions. Example conditions can include a condition that triggers anotification for transactions over a particular amount; a conditionbased on available funds after the transaction to alert a user to fundsbelow a threshold; and a condition based on the frequency oftransactions or the entities involved in the transaction account.Conditions can be scoped for a developer account, a particularinstitution account, or for any suitable scope of entities.

At block 540, the system 100 returns a transaction response so as totransmit the results of the transaction request. The transactionresponse is may be made in a synchronous API message from the API 110that is sent in response to an initial request. Alternatively, a statusAPI resource may be used such that an application/service canperiodically check the status API resource to determine the processingstatus and/or the results. Alternatively, any suitable approach may beused to provide the results to the initial request.

In an implementation, the response provides the addressing informationused for an endpoint. If there are no errors or warnings with respect tothe account, then account information may be NACHA compliant as theendpoint information was accessed and obtained in a manner thatvalidates the ownership of the account (e.g., by providing credentialsand optionally multi-factor authentication responses). The transactionresponse can include the account number, the routing number, and/or anyadditional information for the endpoint that is used in executing thetransaction. The transaction response may additionally include theavailable funds, such that the requesting entity can check forsufficient funds. The response may additionally indicate if sufficientfunds are available if the transaction amount was provided, whichfunctions to hide the available funds from the requesting entity whilepreventing overdraft transaction. The transaction response canadditionally include other fields such as a status field, where theaccount may be labeled according to any categorization of the account.For example, the status may indicate that the account is normal orfraudulent.

Additionally or alternatively, the method can include optional block550. At block 550 the system 100 executes the transaction, whichfunctions to process the transaction between two endpoints. In thisvariation a request to execute a transaction between at least twoendpoints is received. Additionally, returning a transaction responsemay include returning results of the transaction in the response. Inanother implementation, the method includes executing the transaction.The transaction response can include information about the status of thetransaction when the transaction is submitted, being processed, and/orcompleted. Transactions may not be instantaneous, and as such theinitial transaction response may indicate if the transaction wassuccessfully initiated. Successfully initiated means that thetransaction endpoint information was successfully retrieved, that anyconditional stages (such as a sufficient funds stage, a fraud-checkstage, and custom conditions) are satisfied. A subsequent response orstatus resource may be updated that reflects the status of thetransaction. A transaction resource may be updated with a pendingprocess, when the transaction is initiated and proceeding normally. Thetransaction resource can be updated with a completed status possiblyindicating the time of completion. If an error or issue is encountered,the status of the transaction resource may be updated to reflect theerror or issue. The method may additionally include monitoring status oftransaction and triggering programmatic event according to the status.

In one variation, executing the transaction can include establishingproxy accounts in at least two institutions, and expediting transactionsbetween the two institutions through an internal deposit to a firstproxy account in a first institution and a second internal deposit froma second proxy account in the second institution. In some cases,transactions between institutions are slower than transactions madewithin an institution. By establishing a cross institution accountnetwork, transactions can be facilitated between two accounts indifferent institutions with similar speeds of internal transactions. Theproxy accounts may include a funds reserve, which may be periodicallybalanced between proxy accounts to maintain an operational reserve offunds.

Additionally, the method may be applied to create an abstraction betweena user and the underlying account. A transaction endpoint can beabstracted to a user entity, which may be associated with multipleoptional transactional endpoints (e.g., different bank accounts).Accordingly, the method may include selecting an institution, whichfunctions to dynamically select a connected account to participate in atransaction. Various conditions may be set to respond to events whenreceiving a transaction request, collecting information for thetransaction, and/or executing a transaction. In one variation, oneinstitution is set as a primary account and another account managed bythe same entity is set as a secondary account. If the primary account isnot able to complete a transaction, the method may detect an errorcondition and automatically fails over to the secondary account. Inanother variation, a set of accounts may be preconfigured to be useddepending on properties of the request. In combination with the proxytransfer endpoint, the identifying information for the proxy endpointcan be used, but the underlying service automatically will use anautomatically selected account to use for the funds. For example, a setof entities and/or category of entities/transactions may be set to useparticular accounts. Similarly, transactions to one proxy account may beautomatically split into transactions with multiple associated accounts.For example, an account holder may set a proxy account to automaticallysplit deposits between two accounts in a 30/70 balance.

Referring now to FIG. 6, the system 100 functions to provide aninterface (e.g., via the API 110) for applications and services that canfacilitate the process of transferring funds. The system 100 canfunction to provide verified account information used in ACH transfers,to execute transfer of funds, to enable programmatic events duringtransfer process, to mitigate risk and errors, and/or providealternative transaction functionality. As described above in referenceto FIG. 1, the system 100 is part of a larger API platform, whichprovides an API to access account data and execute transactions, amongother items. In some variations, the system 100 is part of amulti-tenant API platform that enables a plurality of developers tocreate accounts and build applications and/or services that leverage theAPI of the API platform. In alternative variations, the system 100 ispart of a single-tenant API platform and may provide an internal API fora dedicated set of products or services. For example, a product may bebuilt on top of the API platform that enables end users to createaccounts to manage accounts with one or more institutions (e.g., banks,credit card companies, investment managers, etc.).

The API 110 functions to provide an interface for accessing institutiontransaction endpoint information. The API 110 can additionally provide anormalized customer facing interface. In one implementation, the API 110leverages an application proxy instance 121, which simulates aproprietary first-party application accessing a closed API of aninstitution (e.g., the institution 142). The system 100 can includeadditional components or services that particularly facilitate theaccess of information relating to a transaction endpoint. For example, aservice, script, or module can be configured to access statements orother suitable documents that can contain endpoint information such asaccount number and routing number information. The statements orinformation may be contained in pdf or other suitable document formats.The system 100 can include document readers that can access and extractthe requested information from the statements.

In one variation, the API 110 allows an API request to specify anaccount, and a response output provides the information related toexecuting a transaction with the endpoint. In one implementation, theAPI 110 can include at least one API resource for interacting with thetransaction endpoint. As shown in FIG. 7, an endpoint informationrequest can include institution credentials of an account. Thecredentials can include username and password. The API protocol canadditionally provide a mechanism for completing multi-factorauthentication challenges such as security questions, or code-basedmulti-factor authentication. The API request may additionally includeother properties such as developer account identifiers, APIauthentication tokens, institution type identifiers, and other suitableparameters. The response is a data object that includes at leastautomatically obtained information such as tracking number, routingnumber, and/or wire routing number. Additional response information caninclude funds amount (or alternatively a Boolean indicator if the fundsare sufficient), an account status (e.g., is the account fraudulent,trusted, etc.), billing address of the account, name of the institution,type of account (e.g., saving, depository, etc.), and other suitableproperties. Other API properties or features can include a mechanism tospecify if endpoint information is requested or if the transactionshould be executed.

The institution interface module 132 functions to model the internalinterface of at least one first-party application with an externalinstitution (e.g., institution 142). The account credentials of a useraccount (and optionally multi-factor authentication credentials) can beused for an application proxy to gain access to an institution throughthe institution interface module. The system 100 may additionallyinclude a transaction engine 193, which can facilitate the transfer offunds between two accounts. The transaction engine 193 can be integratedwith the API 110, such that an API request can direct the execution of atransaction. The transaction engine 193 can execute ACH transactions,but may alternatively or additionally use other financial tools towithdrawal funds and/or deposit funds. With a transaction engine,transactions can be executed between two accounts that have beenconfigured with account credentials. The API response may include thestatus of the transaction, transaction errors, a status URI or anysuitable response to facilitate executing a transaction as shown in FIG.8. In one variation, proxy accounts can be used in differentinstitutions. With sufficient reserves, transfers between institutionscan be expedited by transferring funds to and from the proxy accounts,and then asynchronously updating the proxy accounts.

The system 100 can also include, in some implementations, a tokengeneration engine 195 (which can manage token generation, as describedherein), and/or a record vault 1302 (which may store electronic recordsassociated with the tokens, as described herein).

The system 100 can additionally include other aspects such as amessaging/notification system, which can manage alerts and/or triggeringprogrammatic events (e.g., callbacks), an engine for generating userinterfaces and/or user interface data, and/or the like. The system 100may additionally or alternatively include any other suitable componentsto implement the functionality of described in the present disclosure.

In some implementations, the system 100 includes a document processingengine 194. In some implementations, the document processing engine 194is constructed to process account documents (e.g., account documents192) of an external user account system (e.g., bank system 142) of anexternal institution. The account documents may be processed to identifyand/or obtain transaction information. In some implementations, in acase where the documents are in a PDF format, the document processingengine 194 is constructed to scrape content of the PDF documents toidentify the transaction information. In some implementations, thedocument processing engine 194 is an extraction script that isconstructed to pull the document and then isolate the transactioninformation from the document (e.g., as described above in reference toFIG. 5). In some implementations, the system 100 accesses the document,stores the accessed document (e.g., in a memory or other storage mediumof the system 100), and then controls the document processing engine toprocess the stored document to identify the transaction information.

FIGS. 9-10 are flowcharts illustrating example methods of processingtransactions, according to various embodiments. The methods of FIGS. 5-6are described below in reference to certain aspects of FIG. 1 (or,alternatively, FIG. 6).

Referring to FIG. 9, a method for processing a normalized API request atthe system 100 includes: receiving a normalized API request associatedwith at least one account endpoint, the normalized API request beingprovided by an external user-facing system/application (e.g.,system/application 152 of FIG. 1) by using API 110 of the system 100,the normalized API request specifying account credentials of eachaccount endpoint of the normalized API request (block 910).

Responsive to the normalized API request: transaction information ofeach account endpoint of the normalized API request is collected byusing an application proxy instance (e.g., one of proxy instances 121,122, and/or 123 of FIG. 1) associated with the account endpoint tocollect the transaction information from a corresponding institutionsystem (e.g., an external user account system 141, 142, and/or 143 ofFIG. 1) by using the associated account credentials specified by thenormalized API request and a proprietary API) (e.g., one of APIs 161,162, and/or 163 of FIG. 1) of the system 100 (block 920).

Further, a normalized API response is provided to the externaluser-facing system/application (block 930). The normalized API responseprovides the transaction information of each account endpoint of thenormalized API request. Each application proxy instance is constructedto simulate an application of the corresponding external institutionsystem.

In some implementations, the collected transaction information for eachaccount endpoint includes at least an account number and a correspondingrouting number for use in automated clearing house (ACH) transactions.In some implementations, the transaction information is collected byprocessing at least one statement accessed from the correspondingexternal institution system.

Additional examples and details of obtaining transaction and accountinformation via proxy instances of the system may be found in U.S.patent application Ser. No. 14/790,897, filed Jul. 2, 2015, and titled“SYSTEM AND METHOD FOR FACILITATING PROGRAMMATIC VERIFICATION OFTRANSACTIONS” (referred to herein as “the '897 application”). The entiredisclosure of this application is hereby made part of this specificationas if set forth fully herein and incorporated by reference for allpurposes, for all that it contains.

Referring to FIG. 10, a method for processing a normalized API requestat the system 100 includes: receiving a normalized API requestassociated with at least one account endpoint (block 1010). Thenormalized API request is provided by an external application system byusing a platform API of the platform system. The normalized API requestspecifies a transaction and at least one of an account token and accountcredentials of each account endpoint of the normalized API request.

Responsive to the normalized API request, transaction information ofeach account endpoint of the normalized API request is collected (block1020). The transaction information is collected by using an applicationproxy instance associated with the account endpoint to collect thetransaction information from a corresponding institution system by usingat least one of an associated account token and associated accountcredentials specified by the normalized API request and by using aproprietary API of the institution system.

The transaction specified by the normalized API request is executed byusing the collected transaction information (block 1030). A normalizedAPI response is provided to the external system (block 1040). Thenormalized API response provides results of the transaction. Eachapplication proxy instance is constructed to simulate an application ofthe corresponding external institution system.

In some implementations, the collected transaction information for eachaccount endpoint includes at least an account number and a correspondingrouting number for use in automated clearing house (ACH) transactions.

In some implementations, the transaction information is collected byprocessing at least one statement accessed from the correspondingexternal institution system.

In some implementations, the transaction information (and/or any otheraccount-related information) is collected via one or more of: anapplication proxy instance, screen scraping (e.g., of a webpage of theinstitution), an API request to an API of the institution (e.g., thatthe system is authorized to access), or any combination of thesemethods.

Additional examples and details of such functionality of the system maybe found in the '897 application.

In some implementations, the user information of the normalized APIrequest includes a user account identifier for each user account of theexternal user-facing system/application (e.g., the external user-facingsystem/application 152) corresponding to the normalized API request.

In some implementations, the normalized API request includes parametersas shown in Table 1.

TABLE 1 NORMALIZED API REQUEST PARAMETER DESCRIPTION <Platform AccountID> An account of an external user-facing system/application (e.g., “DevAccount A”, “Dev Account B” of FIGS. 1 and 4A- 4B). <User AccountIdentifier> An identifier that identifies a user account of theapplication system identified by the <Platform Account ID> parameter.<Institution ID> An identifier that identifies an external institutionsystem (e.g., institutions 141, 142, and/or 143).

In some implementations, the <User Account Identifier> is used to selectat least one corresponding application proxy instance, and each selectedapplication proxy instance includes user credentials (e.g., as depictedin FIG. 4B) to access the associated institution system.

In some implementations, the system 100 determines an application proxyinstance associated with the normalized API request based on the<Platform Account ID> parameter, the <User Account Identifier>parameter, and the <Institution ID> parameter. In some implementations,the system 100 identifies an application proxy instance of theapplication proxy system 120 that is managed in association with the<Platform Account ID> parameter, the <User Account Identifier>parameter,and the <Institution ID> parameter, and uses the identified applicationproxy instance to collect the transaction information.

In some implementations, each proprietary API request includesparameters as shown in Table 2.

TABLE 2 PROPRIETARY API REQUEST PARAMETER DESCRIPTION <User Credentials>The user credentials of the corresponding normalized API request. Theuser credentials are specified by the application proxy instance, e.g.,421-425, (e.g., as shown in FIG. 4B) used to provide the proprietary APIrequest.

In various other implementations, the normalized API requests and/or theproprietary API requests may include other sets of parameters, dependingon the specifics of the APIs and the types of requests involved. Forexample, other requests may include identifier tokens, multiple accountidentifiers (e.g., when requesting transfer of funds), etc. Additionalexamples and details of such other types of requests and functionalityof the system may be found in the '897 application.

In some implementations, the system may send various types of alertsand/or other indications to a user computing device (e.g., usercomputing devices 171, 172, and/or 173). These various types of alertsand/or other indications may activate one or more applications (e.g., anSMS (simple message service) and/or MMS (multimedia messaging service)process and/or application, an email process and/or application, aprocess and/or application related to the system, a first-party and/orthird-party process and/or application (e.g., of an institution and/or auser-facing application/service), and/or the like) on the user computingdevice. For example, as described herein, alerts may be communicatedwith the user computing device for the purpose of completing amulti-factor authentication process. In such an example, an SMS messagewith a secret/authentication code may be communicated to the usercomputing device, activating an SMS process and/or application (and/oranother process and/or application) on the user computing device. Suchan alert may be sent by the system and/or an institution system. Inanother example, the system may send alerts to the user computing deviceregarding access to a user account of the user, a transaction, and/orthe like. Such alerts may notify the user that a new transaction hasposted to their account, that a transaction has posted for a particularamount, a transaction has been denied, and/or the like. Such alerts maycomprise SMS messages, email messages, and/or other types of messagesthat may activate various processes and/or applications, as describedabove. In yet another example, the system may send an alert to the usercomputing device including an account document, which may cause aprocess and/or application suitable for reading the account document tobe activated on the user computing device.

V. System Architecture

FIG. 11 is an architecture diagram of the system 100 according to animplementation in which the system is implemented by a server device.Alternatively, the system may be implemented by a plurality of devices,in a hosted computing environment (e.g., in a cloud server), and/or inany other suitable environment.

The bus 1102 interfaces with the processors 1101A-1101N, the main memory(e.g., a random access memory (RAM)) 1122, a read only memory (ROM)1104, a computer readable storage medium 1105 (e.g., a non-transitorycomputer readable storage medium), a display device 1107, a user inputdevice 1108, and a network device 1111.

The processors 1101A-1101N may take many forms, such as ARM processors,X86 processors, and/or the like.

In some implementations, the system includes at least one of a centralprocessing unit (processor) and a multi-processor unit (MPU).

The processors 1101A-1101N and the main memory 1122 form a processingunit 1199. In some embodiments, the processing unit includes one or moreprocessors communicatively coupled to one or more of a RAM, ROM, andcomputer readable storage medium; the one or more processors of theprocessing unit receive instructions stored by the one or more of a RAM,ROM, and computer readable storage medium via a bus; and the one or moreprocessors execute the received instructions. In some embodiments, theprocessing unit is an ASIC (Application-Specific Integrated Circuit). Insome embodiments, the processing unit is a SoC (System-on-Chip). In someembodiments, the processing unit includes one or more of an API, anapplication proxy system, one or more instance interface modules,account documents, a transaction engine, a document processing engine,and/or any other functionality or aspects of the system as describedherein.

The network adapter device 1111 provides one or more wired or wirelessinterfaces for exchanging data and commands between the system and otherdevices, such as external user account systems (e.g., institutions 141,142, and/or 143), external user-facing systems/applications (e.g.,applications 151 and/or 152), user devices (e.g., user devices 171and/or 172), and/or the like. Such wired and wireless interfacesinclude, for example, a universal serial bus (USB) interface, Bluetoothinterface, Wi-Fi interface, Ethernet interface, near field communication(NFC) interface, and/or the like. In some embodiments, the systemcommunicates with other devices via the Internet.

Machine-executable instructions (e.g., computer readable programinstructions) in software programs (such as an operating system,application programs, and device drivers) are loaded into the memory1122 (of the processing unit 1199) from the processor-readable storagemedium 1105, the ROM 1104 or any other storage location. Duringexecution of these software programs, the respective machine-executableinstructions are accessed by at least one of processors 1101A-1101N (ofthe processing unit 1199) via the bus 1102, and then executed by atleast one of processors 1101A-1101N. Data used by the software programsare also stored in the memory 1122, and such data is accessed by atleast one of processors 1101A-1101N during execution of themachine-executable instructions of the software programs. Theprocessor-readable storage medium 1105 includes an operating system1112, software programs/applications 1113, device drivers 1114, the API110, the application proxy system 120, the institution interface modules131, 132, and 133, and account documents 192. In some implementations,the processor-readable storage medium 1105 includes the transactionengine 193, the document processing engine 194, the token generationengine 195, and/or the record vault 1302 (which may comprise anencrypted or otherwise secured database or data store, as describedbelow).

Further details regarding the system architecture are described below.

VI. Example Network Environment of the System when ImplementingPermissions Management

FIG. 12 illustrates an example network environment 1200 in which apermissions management system 1204 may operate, according to anembodiment. As shown, the network environment includes the permissionsmanagement system 1204, an external user account system 1206, anexternal user-facing system/application 1208, a permissions plug-in1210, a permissions plug-in 1211, a trusted third-party processor system1212, a user computing device 1214, and a user 1216. The various aspectsof the network environment 1200 may communicate via a network/Internet1202. The network/Internet 1202 may comprise a wired and/or wirelessnetwork, and/or in certain embodiments may comprise one or more wiredand/or wireless network. The various components of the networkenvironment 1200 may communicate via the network/Internet 1202, and/oralternatively may communicate directly with one another via one or moreother wired or wireless connections. In some embodiments, thepermissions management system 1204 may include the functionality of thesystem 100 described above, and/or the functionality of the system 100described above may be implemented in one or more other computingsystems in the network environment 1200. For clarity of description,however, the following description assumes that the permissionsmanagement system 1204 includes the functionality of the system 100described above.

Additionally, the external user account system 1206 may comprise asystem of an institution (e.g., one of institution systems 141, 142,and/or 143), and while more than one the external user account system1206 may be involved in communication with the permissions managementsystem 1204, one external user account system 1206 is shown in FIG. 12for purposes of clarity.

Further, external user-facing system/application 1208 may comprise thesystem and/or application, merchant, and/or the like, with which theuser may interact. For example, the user 1216 may interact with theexternal user-facing system/application 1208 via the user computingdevice 1214. In one example, the external user-facing system/application1208 may comprise an app, and/or web-based application, running onand/or rendered by the user computing device 1214 (e.g., a mobiledevice, and/or the like), as described above (e.g., in reference to app151 and/or 152).

In an embodiment, the external user-facing system/application 1208 mayinclude the permissions plug-in 1210. The permissions plug-in 1210 maycomprise a software/code module, snippet, and/or the like, which may beintegrated into the external user-facing system/application 1208. Thepermissions plug-in 1210 may be provided by the permissions managementsystem 1204 and/or the external user account system 1206 such that theexternal user-facing system/application 1208 may include functionalityprovided by the permissions management system 1204 (either directly orindirectly via the external user account system 1206). In oneimplementation, the permissions plug-in 1210 comprises JavaScript code(or code written in any other programming language) integrated into theexternal user-facing system/application 1208. The JavaScript code, whenexecuted, may communicate with the permissions management system 1204and/or the external user account system 1206 to provide certainfunctionality as described herein. Advantageously, in someimplementations, the permissions plug-in 1210 may generate interactiveuser interfaces that may be presented to the user 1216. Information maybe obtained from the user 1216 via the interactive user interfaces ofthe permissions plug-in 1210 (e.g., account credentials, and/or thelike). The permissions plug-in 1210 may obtain such information, andcommunicate the information to the permissions management system 1204and/or the external user account system 1206 in a secure manner suchthat the external user-facing system/application 1208 does not haveaccess to the information provided by the user 1216.

Further, the permissions plug-in 1210 may advantageously handleestablishing secure communications with the permissions managementsystem 1204 and/or the external user account system 1206, and/or otherfunctionality as described herein, such that a developer of the externaluser-facing system/application 1208 need not be concerned with theseaspects (thus speeding development of the external user-facingsystem/application 1208).

In an embodiment, the user computer device 1214 may include thepermissions plug-in 1211 that functions similarly to the permissionplug-in 1210 described above. Similar to the permissions plug-in 1210,the permissions plug-in 1211 may comprise a software/code module,snippet, and/or the like. The permissions plug-in 1211 may be integratedinto another software application executed by the user computing device1214 (e.g., a software application dedicated to enabling communicationswith, e.g., the external user account system 1206) or may otherwise beexecutable by the user computing device 1214 (e.g., by a web browser ofthe user computing device 1214). The permissions plug-in 1211 may beprovided by the permissions management system 1204 and/or the externaluser account system 1206 such that the user computing device 1214 mayinclude functionality provided by the permissions management system 1204(either directly or indirectly via the external user account system1206). In one implementation, the permissions plug-in 1211 comprisesJavaScript code or code written in any other programming language. TheJavaScript code, when executed, may communicate with the permissionsmanagement system 1204 and/or the external user account system 1206 toprovide certain functionality as described herein. Advantageously, insome implementations, the permissions plug-in 1211 may generateinteractive user interfaces that may be presented to the user 1216.Information may be obtained from the user 1216 via the interactive userinterfaces of the permissions plug-in 1211 (e.g., account credentials,and/or the like). The permissions plug-in 1211 may obtain suchinformation, and communicate the information to the permissionsmanagement system 1204 and/or the external user account system 1206 in asecure manner such that the external user-facing system/application 1208does not have access to the information provided by the user 1216.Further, the permissions plug-in 1211 may advantageously handleestablishing secure communications with the permissions managementsystem 1204 and/or the external user account system 1206, and/or otherfunctionality as described herein, such that a developer of the externaluser-facing system/application 1208 need not be concerned with theseaspects (thus speeding development of the external user-facingsystem/application 1208).

In addition to the detailed description of the functionality providedbelow, additional examples and details may be found in U.S. ProvisionalPatent Application No. 62/215,603, filed Sep. 8, 2015, and titled“Link,” previously incorporated by reference herein.

VII. Example Action Diagrams for Authorization

FIGS. 13A-13B are action diagrams illustrating example interactionsamong the aspects of the network environment 1200, according to anembodiment. As described below, interactions among the various aspectsof the network environment 1200 may enable permissioning of access to,and execution of transactions on, user accounts on the external useraccount system 1206 (or multiple external user account systems 1206).Further, interactions among the various aspects of the networkenvironment 1200 may enable a user to grant authorization and/or revokeauthorization to access their accounts.

In the action diagrams of FIGS. 13A-13B, and other action diagramsdescribed herein, in various implementations the actions shown anddescribed may be performed in orders different from those shown. Forexample, certain actions may take place before or after other actions,according to various implementations.

Interaction among the aspects of the network environment 1200 may beaccomplished via various API calls (e.g., through API 110), as generallydescribed above. Thus, for example, account credentials, userinformation, token identifiers, transaction requests, and/or any otherinformation transmitted during the interactions described below may becommunicated via normalized API requests. As described above, the API ofthe permissions management system 1204 may advantageously be clearlydefined such that software applications and/or systems may beefficiently developed to interact with the permissions management system1204 in an efficient manner. Additionally, each communication amongaspects of the network environment 1200 may include multiple requestsand/or acknowledgments in order to ensure effective communication.Further, communications may be made via secure connections.

FIG. 13A is an action diagram illustrating example interactions amongthe aspects of the network environment 1200, according to an embodiment.In the action diagram of FIG. 13A, the system enables a user toauthorize access to a user account, according to an embodiment.

In action 1 a, the user computing device 1214 interacts with theexternal user account system 1206. Such an interaction may arise, forexample, when a user of the user computing device 1214 provides an inputindicating an intent to provide authorization to a user account. Forexample, the user may be interacting, via the user computing device1214, with the external user-facing system/application 1208 (e.g., theuser may access an app and/or website of a merchant on their mobiledevice or desktop computer). The user may desire, or may be prompted to,provide the external user-facing system/application 1208 authorizationto access user account data of a user account of the user (e.g., a useraccount held by the institution associated with the external useraccount system 1206). Accordingly, in an embodiment, the permissionsplug-in 1211 may be executed by the user computing device 1214, whichmay present an interactive user interface to the user (as described infurther detail below in reference to FIG. 18). Examples of interactiveuser interfaces enabled by the permissions plug-in 1211 are describedbelow in reference to FIGS. 19A-19J, and 20A-20C.

In various implementations, the interactive user interface may begenerated by the permissions plug-in 1210, the permissions plug-in 1211,another software application, and/or any combination of these. Throughthe interactive user interface, the user may provide account credentialsand/or other authorization for access to an account of the user. Asdescribed below, the authorization may include various limitations onaccess to the account (herein referred to as “permissions” and/or thelike). Access to the account may include, for example, the ability toexecute transactions, the ability to obtain information related to theuser, the ability to obtain transaction information, and/or the like. Asmentioned above, the authorization, account credentials, and/or thelike, may be provided via the permissions plug-in 1211 to the externaluser account system 1206 in a secure manner such that the informationprovided is not accessible to the external user-facingsystem/application 1208 or the permissions management system 1204. Thus,advantageously, according to various embodiments of the presentdisclosure, the user may securely provide sensitive information to theexternal user account system 1206 without revealing such information tothe external user-facing system/application 1208 (e.g., a merchant,developer, etc.) or the permissions management system 1204.

Communication between the permissions plug-in 1211 and the external useraccount system 1206 may include transmission of certain information. Forexample, the permissions plug-in 1211 may transmit a client ID (e.g., aunique identifier associated with the external user-facingsystem/application 1208, which may be obtained from the externaluser-facing system/application 1208), a user identifier (e.g., a uniqueidentifier associated with the user), account credentials, a secret key,and/or the like to the external user account system 1206, which may beprocessed and verified by the external user account system 1206.

In action 1 b, based on the information received from the user computingdevice 1214, the external user account system 1206 generates anelectronic record. The electronic record is generated by the externaluser account system 1206 as described in further detail below, however,the electronic record may include one or more of: a unique record name,account credentials, an identifier associated with the user, anidentifier associated with the external user-facing system/application1208 (e.g., the client ID), user account information, or one or morepermissions.

As shown, the external user account system 1206 may include a recordvault 1302, which, as described herein, comprises one or more databasessecurely storing generated electronic records. Accordingly, in action 1a, the electronic record that is generated by the external user accountsystem 1206 is stored in the record vault 1302. Each generatedelectronic record may be associated with, and identified by, a token(e.g., a unique identifier associated with that electronic record, alsoreferred to herein as a “unique record identifier”). In an embodiment,the token (e.g., the unique record identifier) is generated based on anencrypted hash of one or more elements of the electronic record.Alternatively, the token may be randomly generated.

In an implementation, the electronic record and/or the token may begenerated without verification that the account credentials are valid orcorrect.

In action 1 c, the token is transmitted to the user computing device1214, and in action 2, the token is transmitted to the permissionsmanagement system 1204. Alternatively, the token may be transmitted tothe permissions management system 1204 directly.

In action 3, the permissions management system 1204 may interface withthe external user account system 1206, using the token, to initiate orenable access to the user account data associated with the user. At thispoint, the external user account system 1206 may verify that the accountcredentials are valid, and may return a message to the permissionsmanagement system 1204 if so or if not. If so, the external user accountsystem 1206 may generate and store an access key (e.g., a uniqueidentifier) similar to the token that may be used by the permissionsmanagement system 1204 to request additional access to the user accountdata. The access key may therefore be transmitted to the permissionsmanagement system 1204. In some implementations, the access key and thetoken are similar or the same, such that an access key may not begenerated, but the token may be used to access the user account data.

Additionally in action 3, the account credentials provided by the usermay be used to obtain user account data (e.g., user account information,account numbers, routing numbers, and/or the like). Communication withthe external user account system 1206 may be accomplished via an API(public or non-public) or other suitable communications method. In someimplementations, communications are accomplished as generally describedabove in reference to various figures, wherein, for example, virtualinstances of an application of the external user account system 1206 maybe generated to communicate with the external user account system 1206via a public/non-public API.

In action 4, if the account credentials are verified as valid, theexternal user account system 1206 may communicate with the usercomputing device 1214 to prompt the user to accept terms and conditionsof other forms required by the external user account system 1206. Insome implementations, such a prompt may be provided before accountcredentials are verified.

Additionally in action 4, the external user account system 1206 maycommunicate with the user computing device 1214 to prompt the user toselect a specific account from a plurality of accounts (or otherinformation) via an interactive user interface presented to the user,e.g., by the permissions plug-in 1211.

In some implementations, as described below in reference, e.g., toactions 1 and 2 of FIG. 13B, the interactive user interfaces throughwhich the user may provide the account credentials and other informationmay be provided via the permissions management system 1204, the externaluser account system 1206, the permissions plug-in 1210, and/or thepermissions plug-in 1211. In some implementations, as also describedbelow, rather than the user providing account credentials via thepermissions management system 1204, the permissions management system1204, external user account system 1206, the permissions plug-in 1210,and/or the permissions plug-in 1211 may cause the interactive userinterface displayed to the user to be redirected to a page or userinterface provided directly by the external user account system 1206.

In action 5, the permissions management system 1204 may store the tokenand/or the access key in a secure database 1304, which may be similar tothe record vault 1302 described herein, and which may be encrypted, forexample.

In action 6, the permissions management system 1204 may generate andstore an API access key (e.g., a unique identifier) similar to the tokenthat may be used by the external user-facing system/application 1208 torequest user account data. The API access key may therefore betransmitted to the external user-facing system/application 1208. In someimplementations, the API access key and the token are similar or thesame, such that an API access key may not be generated, but the tokenmay be used to access the user account data.

In various embodiments, secure communication between the permissionsmanagement system 1204 and the external user-facing system/application1208 may be established via any suitable method. For example, in animplementation, the permissions management system 1204 may provide a“public token” to the external user-facing system/application 1208. Inresponse, the external user-facing system/application 1208 may provideto the permissions management system 1204 a client ID, the public token,and a secret key/identifier (that was previously securely provided tothe external user-facing system/application 1208 from the permissionsmanagement system 1204. The permissions management system 1204 may thenuse this information (e.g., the client ID, the public token, and thesecret key/identifier) to authenticate the access and communications toand from the external user-facing system/application 1208. Similar oralternative methods of establishing secure communications betweenvarious devices of the system may be used in various embodiments of thedisclosure.

In action 7, the permissions management system 1204 may use the tokenand/or the access key to obtain additional user account data (e.g.,transaction data) from the external user account system 1206. Asdescribed above, communication with the external user account system1206 may be accomplished via an API (public or non-public) or othersuitable communications method. In some implementations, communicationsare accomplished as generally described above in reference to variousfigures, wherein, for example, virtual instances of an application ofthe external user account system 1206 may be generated to communicatewith the external user account system 1206 via a public/non-public API.

In action 8, user account data is requested by and/or provided to theexternal user-facing system/application 1208. For example, the externaluser-facing system/application 1208 may request user account data byproviding the token and/or API access key to the permissions managementsystem 1204.

In some implementations, action 7 may be performed multiple timesautomatically. For example, action 7 may be performed periodically or ona schedule. Alternatively, action 7 may be performed in response torequests received, e.g., from the external user-facingsystem/application 1208. In various embodiments actions 7 and 8 mayoccur in any order and/or simultaneously.

In action 9, the external user-facing system/application 1208 mayprovide user account information to the user computing device 1214(e.g., via a software application on the user computing device 1214).

Accordingly, as described in action diagram of FIG. 13A, via interactionwith the external user-facing system/application 1208 and/or the usercomputing device 1214, the user may provide account credentials andauthorize access to user account data by the external user-facingsystem/application 1208, without sharing user account information withthe external user-facing system/application 1208. Advantageously,according to certain embodiments, the external user-facingsystem/application 1208 need not be trusted with the user accountinformation, which may simplify development of the external user-facingsystem/application 1208, and give a user piece of mind in itsinteractions with the external user-facing system/application 1208.Additionally, as is described below, implementations of the system mayenable the user to de-authorize, view permissions of, and/or changepermissions of, the external user-facing system/application 1208.

FIG. 13B is an action diagram illustrating example interactions amongthe aspects of the network environment 1200, according to an embodiment.In various embodiments, actions and aspects of the actions describedabove with reference to FIG. 13A may similarly be applied to the actionsof FIG. 13B.

In action 1 of FIG. 13B, a user interacts with the external user-facingsystem/application 1208 via the user computing device 1214. For example,the user may access an app and/or website of the merchant on theirmobile device or desktop computer. While the user is interfacing withthe external user-facing system/application 1208, the externaluser-facing system/application 1208 may execute the permissions plug-in1210, which may present an interactive user interface to the user (asdescribed in further detail below in reference to FIG. 18). Examples ofinteractive user interfaces enabled by the permissions plug-in 1210 aredescribed below in reference to FIGS. 19A-19J, and 20A-20C.

Through the interactive user interface, the user may provide accountcredentials and/or other authorization for access to an account of theuser. As described below, the authorization may include variouslimitations on access to the account (herein referred to as“permissions” and/or the like). Access to the account may include, forexample, the ability to execute transactions, the ability to obtaininformation related to the user, the ability to obtain transactioninformation, and/or the like. As mentioned above, the authorization,account credentials, and/or the like, are provided via the permissionsplug-in 1210 to the permissions management system 1204 in a securemanner such that the information provided is not accessible to theexternal user-facing system/application 1208. Thus, advantageously,according to various embodiments of the present disclosure, the user maysecurely provide sensitive information to the permissions managementsystem 1204 without revealing such information to the externaluser-facing system/application 1208 (e.g., a merchant, developer, etc.).

Establishing secure communication between the permissions plug-in 1210and the permissions management system 1204 may include transmission ofcertain identifying information. For example the permissions plug-in1210 and/or the external user-facing system/application 1208 maytransmit a client ID (e.g., a unique identifier associated with theexternal user-facing system/application 1208), a user identifier (e.g.,a unique identifier associated with the user), a secret key, and/or thelike to the permissions management system 1204, which may be processedand verified by the permissions management system 1204.

In action 2, the permissions management system 1204 may interface withthe external user account system 1206, using account credentialsprovided by the user, to obtain user account data (e.g., user accountinformation, account numbers, routing numbers, transaction data, and/orthe like). Communication with the external user account system 1206 maybe accomplished as generally described above in reference to variousfigures, wherein, for example, virtual instances of an application ofthe external user account system 1206 may be generated to communicatewith the external user account system 1206 via a public/non-public API.As also described above, establishing communication with the externaluser account system 1206 may include multifactor authentication (whichmay require additional communications to or from the user computingdevice 1214) and/or the like. Additionally, action 2 may includeenabling the user to select a specific account from a plurality ofaccounts via an interactive user interface presented to the user by thepermissions plug-in 1210. In some instances, user account informationmay be obtained by analysis of documents (e.g., PDFs of accountstatements), that may be available from the external user account system1206.

In action 3, based on the user account data obtained from the externaluser account system 1206, the permissions management system 1204generates an electronic record. The electronic record is generated bythe permissions management system 1204 as described in further detailbelow, however, the electronic record may include at least a uniquerecord name, an identifier associated with the user, an identifierassociated with the external user-facing system/application 1208 (e.g.,the client ID), user account information obtained from the external useraccount system 1206, and one or more permissions.

As shown in FIG. 13B, the permissions management system 1204 may includea record vault 1302, which, as described herein, comprises one or moredatabases securely storing generated electronic records. Accordingly, inaction 3, the electronic record that is generated by the permissionsmanagement system 1204 is stored in the record vault 1302. Eachgenerated electronic record may be associated with, and identified by, atoken (e.g., a unique identifier associated with that electronic record,also referred to herein as a “unique record identifier”). In anembodiment, the token (e.g., the unique record identifier) is generatedbased on an encrypted hash of one or more elements of the electronicrecord. Alternatively, the token may be randomly generated.

In an alternative to one or more of the actions of FIG. 13B, in actionZ, rather than the user providing account credentials to the permissionsmanagement system 1204, the permissions management system 1204 and/orthe permissions plug-in 1210 may cause the interactive user interfacedisplayed to the user to be redirected to a page or user interfaceprovided directly by the external user account system 1206. Accordingly,as described above in reference to actions 1 a, 1 b, 1 c, and 2 of FIG.13A, the external user account system 1206 may generate a token that maybe transmitted to the permissions management system via the usercomputing device 1214. This token may then be user by the permissionsmanagement system 1204 to access user account data from the externaluser account system 1206.

In action 4, the token is transmitted back to the external user-facingsystem/application 1208. Advantageously, in various embodiments, thetoken does not include any account information (and/or any unencryptedaccount information) of the user, such that the external user-facingsystem/application 1208 may not use the token to directly access anaccount of the user. The external user-facing system/application 1208may store the token in association with the user. Accordingly, as isdescribed in detail below, the external user-facing system/application1208 may use the token to initiate payments or other transactions withthe user.

In action 5, the external user-facing system/application 1208 mayrequest execution of a transaction associated with the user viacommunication with the trusted third-party processor system 1212 (e.g.,a payment processor). For example, if the external user-facingsystem/application 1208 is a merchant, the external user-facingsystem/application 1208 may request payments or a service or good viathe trusted third-party processor system 1212. In making the request,the external user-facing system/application 1208 transmits transactiondetails and the token to the trusted third-party processor system 1212.Transaction details may include, for example, an amount of the paymentbe made, the frequency of payments be made, and/or the like.

In action 6, in order to execute the transaction requested by theexternal user-facing system/application 1208, the trusted third-partyprocessor system 1212 communicates with the permissions managementsystem 1204 to obtain account details (e.g., account and routingnumbers) of the user, and to get authorization to execute thetransaction. Accordingly, the trusted third-party processor system 1212communicates the token and transaction details to the permissionsmanagement system 1204.

In action 7, the permissions management system 1204 identifies theelectronic record in the record vault 1302 related to the token receivedfrom the trusted third-party processor system 1212. The permissionsmanagement system 1204 retrieves the identified electronic record,including information related to the electronic record such as variouspermissions information. The permissions management system 1204 thencompares the transaction details to the permissions informationassociated with the electronic record, and determines whether theexternal user-facing system/application 1208 is authorized to executethe transaction requested.

In action 8, if the permissions management system 1204 determines thatthe external user-facing system/application 1208 is not authorized toexecute the transaction, such an indication is transmitted back to thetrusted third-party processor system 1212. The trusted third-partyprocessor system 1212 may then indicate to the external user-facingsystem/application 1208 that it is not authorized to execute thetransaction. If the permissions management system 1204 determines thatthe external user-facing system/application 1208 is authorized toexecute the transaction, the permissions management system 1204transmits to the trusted third-party processor system 1212 accountdetails (e.g., account and routing numbers) of the user necessary toexecute the transaction, and an indication that the external user-facingsystem/application 1208 is authorized to execute the transaction.

In action 9, using the account details received from the permissionsmanagement system 1204, the trusted third-party processor system 1212executes the transaction via communication with the external useraccount system 1206. For example, the account details received from thepermissions management system 1204 may include an account number androuting number, a credit card number, and/or the like. The trustedthird-party processor system 1212 may utilize such information toexecute the funds transfer (e.g., an ACH transfer, as described above),and/or the like, through communication with the external user accountsystem 1206.

In action 10, the trusted third-party processor system 1212 communicateswith the external user-facing system/application 1208 an indication thetransaction has been executed, or an indication that the transaction wasnot executed (if, for example, there were insufficient funds, and/or thelike). Such communication between the trusted third-party processorsystem 1212 and the external user-facing system/application 1208 mayinclude multiple back-and-forth communications regarding, for example, astatus regarding an attempted execution of transaction, and/or the like.

Accordingly, as described in action diagram of FIG. 13B, via interactionwith the external user-facing system/application 1208, the user mayprovide account credentials to the permissions management system 1204,and authorize execution of a transaction by the external user-facingsystem/application 1208, without sharing user account information withthe external user-facing system/application 1208. Advantageously,according to certain embodiments, the external user-facingsystem/application 1208 need not be trusted with the user accountinformation, which may simplify development of the external user-facingsystem/application 1208, and give a user piece of mind in itsinteractions with the external user-facing system/application 1208.Additionally, as is described below, the implementation of FIG. 13Benables the user to de-authorize, and/or change permissions of, theexternal user-facing system/application 1208.

In some implementations, the functionality of one or more of thepermissions management system 1204, the external user-facingsystem/application 1208, and/or the trusted third-party processor system1212 may be combined and/or subdivided into more systems/devices. Forexample, in an embodiment, the permissions management system 1204 mayfunction as both the permissions management system and the trustedthird-party processor, thereby simplifying and combining some of theactions described above.

As mentioned, communications among the various aspects of the networkenvironment 1200 may be via secure channels (e.g., encrypted channels).For example, in order to be “trusted,” the trusted third-party processorsystem 1212 may need to securely identify itself with the permissionsmanagement system 1204. For example, the trusted third-party processorsystem 1212 could prove a mutually agreed upon authorization,encryption, or identification. Other similar communications may takeplace among other aspects of the network environment 1200, according tocertain embodiments.

In various embodiments certain actions may be initiated in response tocertain other actions. For example, the token may be generated inresponse to a request from the external user-facing system/application1208 for account information and/or execution of a transaction. Invarious embodiments additional aspects may be involved in executingtransactions. For example, two of more processor systems or externaluser account systems may coordinate and/or make requests of one anotherto execute transactions.

VIII. Example Action Diagram for De-authorization

FIG. 14 is an action diagram illustrating example interactions among theaspects of the network environment 1200 by which the user mayde-authorize the external user-facing system/application 1208, accordingto an embodiment. Each of actions 1 a, 1 b, and 1 c illustratealternative means of de-authorizing the ability of the externaluser-facing system/application 1208 to execute transactions with respectto the user.

In action 1 a, the user may request, via the external user-facingsystem/application 1208 and the permissions plug-in 1210,de-authorization of the external user-facing system/application 1208 toexecute transactions and/or access data related to the user. The requestis made via communication with the permissions management system 1204through the permissions plug-in 1210, for example.

Alternatively, in action 1 b, the user may request, directly to thepermissions management system 1204, de-authorization of the externaluser-facing system/application 1208 to execute transactions and/oraccess data related to the user (e.g., via an interactive user interfaceof the permissions management system 1204, via a link in an email fromthe permissions management system 1204, and/or the like).

In another alternative, in action 1 c, the user may be request, via apermissions plug-in 1402 (similar to the permissions plug-in 1210) asimplemented by the external user account system 1206, de-authorizationof the external user-facing system/application 1208 to executetransactions and/or access data related to the user. For example, wheninterfacing with the external user account system 1206 via a web-basedportal of the external user account system 1206, the user may have theoption of requesting de-authorization of the external user-facingsystem/application 1208.

In action 2, the permissions management system 1204 receives the requestto de-authorize the external user-facing system/application 1208, andprocesses the request by updating the electronic record (as stored inthe record vault 1302). For example, the external user-facingsystem/application 1208 may delete the electronic record, may add anindication to the electronic record that the external user-facingsystem/application 1208 has been de-authorized, and/or may change one ormore permissions associated with the electronic record.

In optional action 3, the permissions management system 1204 may notifythe external user-facing system/application 1208 of thede-authorization.

Actions 4-8 illustrate actions that may take place if the externaluser-facing system/application 1208 attempts to initiate a transactionrelated to the user after de-authorization.

In action 4, the external user-facing system/application 1208 requestsexecution of a transaction via the trusted third-party processor system1212, as described above, by providing at least the token andtransaction details.

In action 5, the trusted third-party processor system 1212 communicatesthe transaction details and the token to the permissions managementsystem 1204 to request authorization to execute the transactionrequested by the external user-facing system/application 1208.

As described above, in action 6, the permissions management system 1204,using the token, accesses the electronic record related to the user andthe external user-facing system/application 1208. The permissionsmanagement system 1204 then compares the transaction details to thepermissions indicated by the accessed electronic record. If theelectronic record does not exist, and/or the permissions indicate thatthe external user-facing system/application 1208 has been de-authorized,in action 7 the permissions management system 1204 communicates anindication to the trusted third-party processor system 1212 that theexternal user-facing system/application 1208 does not have authorizationfor the transaction. In action 8, the trusted third-party processorsystem 1212 indicates to the external user-facing system/application1208 that it is not authorized to execute the transaction.

In an alternative not depicted in FIG. 14, the user may similarlyde-authorize the external user-facing system/application 1208 viainteraction with the trusted third-party processor system 1212, wherein,either via a permissions plug-in as implemented by the trustedthird-party processor system 1212, or via direct communication, thepermissions management system 1204 is notified of the de-authorization.

Accordingly, in various embodiments, via interaction with thepermissions management system 1204, the user is enabled to de-authorizethe ability of the external user-facing system/application 1208 toexecute transactions. This is possible because, advantageously, useraccount data (e.g., account number, routing number, and/or the like) maynot be shared with the external user-facing system/application 1208.Rather, the permissions management system 1204 manages authorization ofthe external user-facing system/application 1208 to executetransactions, and stores user account data securely.

In certain implementations, rather than completely de-authorizing theexternal user-facing system/application 1208, the user may alter orupdate one or more permissions granted to the external user-facingsystem/application 1208. For example, the user may change a frequency ofallowed transactions, change a value of allowed transactions, and/or thelike. Additionally, in certain implementations, the user mayalternatively, and/or in addition, make other changes to theauthorization, including choosing a different account from which fundsmay be withdrawn, etc.

IX. An Alternative Example Action Diagram for Authorization

FIG. 15 is an action diagram illustrating example interactions among theaspects of the network environment 1200, according to an embodiment thatis an alternative to the embodiments of FIGS. 13A-13B. As with FIGS.13A-13B, interactions among the various aspects of the networkenvironment 1200 (as represented in FIG. 15) enable permissioning ofaccess to, and execution of transactions on, user accounts on theexternal user account system 1206 (or multiple external user accountsystems 1206). Further, interactions among the various aspects of thenetwork environment 1200 enable a user to grant authorization and/orrevoke authorization to access their accounts.

In action 1, the user may provide, to the permissions management system1204, account credentials and/or other authorization for access to anaccount of the user. This may be accomplished similar to what isdescribed above in reference to action 1 of FIG. 13B and/or one or moreof actions 1 a-1 c and 2-4 of FIG. 13A.

In action 2, the permissions management system 1204 may access anaccount/user account data of the user, similar to what is describedabove in reference to action 2 of FIG. 13B and/or various actions ofFIG. 13A.

In action 3, the permissions management system 1204 communicates useraccount data (including, e.g., account numbers, routing number, and/orthe like) and other data relevant to electronic record and tokencreation (e.g., a client ID, a user identifier, etc.) to the trustedthird-party processor system 1212.

Differing from the interactions of FIG. 13B, in the embodiment of FIG.15 the trusted third-party processor system 1212 includes the recordvault 1302. Accordingly, in action 4, the trusted third-party processorsystem 1212 generates an electronic record and token and stores theelectronic record in the record vault 1302, similar to what is describedabove in reference to action 3 of FIG. 13B.

In action 5, the trusted third-party processor system 1212 communicatesthe token to the permissions management system 1204, and in action 6 thepermissions management system 1204 communicates the token to theexternal user-facing system/application 1208. Alternatively, the trustedthird-party processor system 1212 may communicate the token directly tothe external user-facing system/application 1208.

In action 7, the external user-facing system/application 1208 mayrequest execution of a transaction associated with the user viacommunication with the trusted third-party processor system 1212,similar to what is described above in reference to action 5 of FIG. 13B.

In action 8, similar to what is described above in reference to action 7of FIG. 13B, the trusted third-party processor system 1212 may identifythe electronic record in the record vault 1302 related to the tokenreceived from the external user-facing system/application 1208. Thetrusted third-party processor system 1212 retrieves the identifiedelectronic record, including information related to the electronicrecord such as various permissions information. The trusted third-partyprocessor system 1212 then compares the transaction details to thepermissions information associated with the electronic record, anddetermines whether the external user-facing system/application 1208 isauthorized to execute the transaction requested.

Actions 9 and 10 proceed similar to actions 9 and 10 of FIG. 13B,described above.

Alternatives described above in reference to FIGS. 13A-13B may similarlybe applied to the embodiment of FIG. 15. In various embodiments, theuser may de-authorize the external user-facing system/application 1208(and/or change permissions, etc., related to the external user-facingsystem/application 1208) when the record vault 1302 is stored by thetrusted third-party processor system 1212, in ways similar to thosedescribed above in reference to the embodiments of FIG. 14 (with thedifference that, e.g., the request for de-authorization, change ofpermissions, account change, etc. is communicated to the trustedthird-party processor system 1212, either directly, or via anotheraspect of the network environment 1200).

As mentioned above, secure communications between the externaluser-facing system/application 1208 and the permissions managementsystem 1204 and/or the trusted third-party processor system 1212 can beaccomplished via public and/or secret key exchange. Further, in variousimplementations, multiple tokens may be used in the actions describedabove. For example, the token stored by the trusted third-partyprocessor system 1212 may differ from the token shared with the externaluser-facing system/application 1208 (e.g., a different unique identifiermay be shared with the external user-facing system/application 1208).

In an implementation, interactions among the aspects of the networkenvironment 1200 may proceed as follows: the permissions managementsystem 1204 may generate a token related to account information of theuser (as described above in references to various implementations); thepermissions management system 1204 may send the token to the externaluser-facing system/application 1208 (in some implementations, this tokenand/or information sent to the external user-facing system/application1208 may include account information such as an account number and arouting number); the external user-facing system/application 1208 maysend a request to the trusted third-party processor system 1212 forexecution of a transaction (which request may include, e.g., the tokenand/or other account information); the trusted third-party processorsystem 1212 may optionally communicate with the permissions managementsystem 1204 to determine that the external user-facingsystem/application 1208 is authorized to cause the transaction to beexecuted (e.g., permissions may be checked, an account balance may bechecked, etc.); and the trusted third-party processor system 1212 mayinitiate execution of the transaction (e.g., by sending a request to theexternal user account system 1206). In this implementation, thepermissions management system 1204 may generate the token afteraccessing account information from the external user account system 1206(e.g., as described herein) and/or in response to a request receivedfrom the external user-facing system/application 1208.

As mentioned above, in some implementations the system may send varioustypes of alerts and/or other indications to a user computing device(e.g., user computing device 1214). These various types of alerts and/orother indications may activate one or more applications (e.g., an SMS(simple message service) and/or MMS (multimedia messaging service)process and/or application, an email process and/or application, aprocess and/or application related to the system, a first-party and/orthird-party process and/or application (e.g., of an institution and/or auser-facing application/service), and/or the like) on the user computingdevice. In some examples, the system may send alerts to the usercomputing device regarding authorization and/or de-authorization of anexternal user-facing system/application, an attempt by an externaluser-facing system/application to initiate a transaction that it is notauthorized to initiate (e.g., a transaction of too much value, atransaction that is too frequent, and/or the like), and/or the like.Such alerts may comprise SMS messages, email messages, and/or othertypes of messages that may activate various processes and/orapplications, as described above. In another example, an alert mayactivate, e.g., an email application by which the user may select a linkto de-authorize an external user-facing system/application (eitherautomatically, or via a user interface that may be presented as a resultof selecting the link).

In various embodiments certain actions may be initiated in response tocertain other actions. For example, the token may be generated inresponse to a request from the external user-facing system/application1208 for account information and/or execution of a transaction. Invarious embodiments additional aspects may be involved in executingtransactions. For example, two of more processor systems or externaluser account systems may coordinate and/or make requests of one anotherto execute transactions.

X. Example Token Generation Methods

FIG. 16A is a flowchart of an example method of generating a token,according to an embodiment. For example, the method of FIG. 16A may beperformed by the permissions management system 1204 in actions 2 and 3of FIG. 13B, and/or by the permissions management system 1204 and/or thetrusted third-party processor system 1212 in actions 2, 3, and 4 of FIG.15.

At block 1610, the permissions management system 1204 receives accountcredentials and/or permissions to be associated with the externaluser-facing system/application 1208. Account credentials may include,for example, a username and password (and/or any other credentialinformation) used by the user for logging into/accessing an account ofthe user at, e.g., the external user account system 1206 (and/or anotherinstitution).

At block 1620, the permissions management system 1204 uses the useraccount credentials to communicate with the external user account system1206 to access user account data related to the user. As mentioned, theprocess of communicating with an institution system (e.g., the externaluser account system 1206) to obtain user account information isdescribed above in reference to, e.g., FIGS. 1-3, 4A-4B, and 5-10. Thisblock (and/or the 1610) may additionally involve presenting informationto, and/or obtaining additional information from, the user for purposesto satisfying multi-factor authentication.

In some instances, the user may have more than on user account with theinstitution that is accessed. Accordingly, in optional block 1630, thepermissions management system 1204 may receive, from the user, aselection of one or more of these accounts that are to be associatedwith the external user-facing system/application 1208. Such a selectionmay be obtained from the user via an interactive user interface that maybe presented to the user (via, e.g., any combination of the permissionsmanagement system 1204, the permissions plug-in 1210, the externaluser-facing system/application 1208, and/or the user computing device1214). An example of such a user interface is shown in FIG. 20A (whichis further described below).

At block 1640, the electronic record and token that correspond to thecombination of the user and the external user-facing system/application1208 are generated. As mentioned above, in some implementations eachelectronic record that is generated may correspond to a singlecombination of a user and an external user-facing system/application. Inother implementations, each electronic record may correspond to variouscombinations to users, developers, external user-facingsystems/applications, external institution systems, and/or the like. Inan implementation, there may be multiple electronic records associatedwith a single combination of a user and an external user-facingsystem/application. For example, the user may have multiple interactions(e.g., multiple accounts) with the external user-facingsystem/application, and may therefore desire multiple sets ofpermissions, or multiple user accounts (here referring to, e.g.,financial accounts with external institutions) to be associated with theexternal user-facing system/application for different purposes. Examplesof such multiple interactions may include a newsletter subscription (inwhich there may be multiple ongoing payments) and a one-off purchase ofgoods (in which there is a single purchase). Thus, two electronicrecords with varying levels of permission may be desired. In anotherimplementation, multiple sets of permissions and/or multiple accountsmay all be stored within a same electronic record, and may bedifferentiated by various appropriate identifiers.

FIG. 16B is a flowchart of another example method of generating a token,according to an embodiment. For example, the method of FIG. 16B may beperformed by the external user account system 1206 in actions 1 a and 1b of FIG. 13A, and/or by the external user account system 1206 in actionZ of FIG. 13B.

At block 1650, the external user account system 1206 receives accountcredentials and a client ID associated with the external user-facingsystem/application 1208. Account credentials may include, for example, ausername and password (and/or any other credential information) used bythe user for logging into/accessing an account of the user at, e.g., theexternal user account system 1206 (and/or another institution). In someimplementations, the external user account system 1206 may also receivepermissions to be associated with the external user-facingsystem/application 1208.

At block 1660, the external user account system 1206 generates anelectronic record and token that correspond to the combination of theuser and the external user-facing system/application 1208. As mentionedabove, in some implementations each electronic record that is generatedmay correspond to a single combination of a user and an externaluser-facing system/application. In other implementations, eachelectronic record may correspond to various combinations to users,developers, external user-facing systems/applications, externalinstitution systems, and/or the like. In an implementation, there may bemultiple electronic records associated with a single combination of auser and an external user-facing system/application. For example, theuser may have multiple interactions (e.g., multiple accounts) with theexternal user-facing system/application, and may therefore desiremultiple sets of permissions, or multiple user accounts (here referringto, e.g., financial accounts with external institutions) to beassociated with the external user-facing system/application fordifferent purposes. In another implementation, multiple sets ofpermissions and/or multiple accounts may all be stored within a sameelectronic record, and may be differentiated by various appropriateidentifiers.

In some instances, the user may have more than on user account with theinstitution that is accessed. Accordingly, in optional block 1670, theexternal user account system 1206 may receive, from the user, aselection of one or more of these accounts that are to be associatedwith the external user-facing system/application 1208. Such a selectionmay be obtained from the user via an interactive user interface that maybe presented to the user (via, e.g., any combination of the externaluser account system 1206, the permissions plug-in 1210 and 1211, theexternal user-facing system/application 1208, and/or the user computingdevice 1214). An example of such a user interface is shown in FIG. 20A(which is further described below).

Similarly, in some instances the user may specify permissions and/orreview documents as part of the authorization process, as describedabove. Accordingly, in optional block 1680, the external user accountsystem 1206 may receive, from the user, a selection of one or morepermissions and/or acceptance of one or more documents. Such selectionsmay be obtained from the user via an interactive user interface that maybe presented to the user (via, e.g., any combination of the externaluser account system 1206, the permissions plug-in 1210 and 1211, theexternal user-facing system/application 1208, and/or the user computingdevice 1214). Examples of such user interfaces are shown in FIGS. 19Jand 20A (which are further described below).

At block 1690, the permissions management system 1204 uses the tokenand/or an access key to communicate with the external user accountsystem 1206 to access user account data related to the user. The tokenand/or an access key provide verification with the permissionsmanagement system 1204 has the credentials or authorization to accessthe user account data from the user account associated with the token.In some implementations, as described above, the token may be used bythe permissions management system 1204 in an initial communication withthe external user account system 1206 to obtain and access key from theexternal user account system 1206. Alternatively, the token may be usedin communications with the external user account system 1206.

FIG. 17 illustrates examples of a token map 1710, a record vault 1720,and an electronic record 1730 that may be generated, e.g., by thepermissions management system 1204 according to the method of FIG. 16A,and/or other methods/actions described herein (e.g., as described inreference to FIG. 16B). The record vault 1720 is an example of therecord vault 1302 described previously. Each of the token map 1710 andthe record vault 1720 may be comprised of a database, in animplementation. In some implementations, each of the token map 1710 andthe record vault 1720 may comprise tables in a database, and/or may becombined into a single table/database. Advantageously, the token map1710 and/or the record vault 1720 may be securely stored (e.g.,encrypted, etc.) so as to protect the user-related data.

The record vault 1720 may include a plurality of electronic records,such as the electronic record 1730. As shown in the example of theelectronic record 1730, an electronic record may include one or more ofthe following: a unique record name (which may be used to identify therecord among the various records), a user identifier (e.g., anyidentifier associated with the user that provided the accountcredentials), a client ID (as described above), account informationobtained from an external institution using the account credentials(e.g., an account number, a routing number, etc.), various permissions,and/or a transaction history. In some implementations, the electronicrecord may include other user account data, other data related to theuser and/or the external user-facing system/application, accountcredentials, and/or the like.

Examples of permissions that may be stored with the electronic recordinclude any permission related to frequency, use, time, amount, type,and/or the like. For example, in the context of financial transactions,the user may specify a limit on the amount of transactions (e.g., nomore than $500), the frequency of transactions (e.g., no more than onetransaction per month), the amount within a particular time frame (e.g.,no more than $1000 per month), and/or any combination of these and/orother permissions.

The token map 1710 may be stored with the record vault 1720, and/orseparately from the record vault 1720, and/or may be combined with therecord vault 1720. The token map 1710 provides a mapping between thetoken (e.g., the unique record identifier) associated with eachelectronic record, and the unique record name. In some implementations,the token and the unique record name may be the same (e.g., such that notoken map 1710 is needed). However, it may be advantageous to have adifferent token (e.g., unique record identifier) because, as isdescribed above, the token is shared with other parties, including theexternal user-facing system/application. In the event that the token iscompromised (e.g., stolen or lost), a new token may be generated, andthe token map 1710 may be updated accordingly, such that thecorresponding electronic record need not be regenerated. In someimplementations, the unique record name and/or the token (e.g., theunique record identifier) comprised an encrypted hash of one or moreitems of data of the electronic record. In other implementations, theunique record name and/or the token comprised a randomly generatedunique string of characters (and/or any other suitable identifier).

In some embodiments the electronic record 1730 may include a history oftransactions associated with the external user-facing system/application1208. For example, transaction details related to each transactionauthorized by the system may be stored. Such history information may beused by the system to determine and/or enforce certain permissions. Forexample, when the permission indication a limit on frequency oftransactions, the system may access the history stored with theelectronic record to determine whether, for a given transaction, thefrequency permission is satisfied or not. Accordingly, in someembodiments, the trusted third-party processor system 1212 maycommunicate with the permissions management system 1204 to indicatewhether transactions are completed successfully.

XI. Example Method Related to Permissions Plug-In

FIG. 18 is a flowchart of an example method of the system, andspecifically an example method related to interactive user interfaces,according to an embodiment. For example, the method of FIG. 18 may beperformed by the permissions plug-in 1210 and/or the permissions plug-in1211 in actions 1 a, 1 b, 1 c, 2, 3, 4, 5, and/or 6 of FIG. 13A. Inanother example, the method of FIG. 18 may be performed by thepermissions management system 1204 and/or the permissions plug-in 1210in actions 1, 2, and/or 3 of FIG. 13B. In yet another example, themethod of FIG. 18 may be performed by a the permissions managementsystem 1204, the permissions plug-in 1210, and/or the trustedthird-party processor system 1212 in actions 1, 2, 3, and/or 4 of FIG.15.

At block 1810, the permissions plug-in 1210 is provided to the externaluser-facing system/application 1208. For example, the permissionsplug-in 1210 may comprise a code snippet and/or other software aspectsthat may be implemented (by, for example, a developer) in the externaluser-facing system/application 1208. In one implementation thepermissions plug-in 1210 comprises one or more lines of JavaScript that,when executed by, e.g., a web browser, executes various softwarefunctions.

At block 1812, when the permissions plug-in 1210 is executed by, e.g.,the user computing device 1214 (e.g., when executed by a web browser ofthe user computing device 1214), the permissions plug-in 1210 initiatescommunication with the permissions management system 1204.Advantageously, communication between the permissions plug-in 1210 andthe permissions management system 1204 may be secure (e.g., encrypted)such that the external user-facing system/application 1208 may notintercept or access the communication. This may be enabled by, forexample, the permissions plug-in 1210 executing on the user's device,rather than directly on the external user-facing system/application1208.

Optionally, at block 1814, the permissions plug-in 1210 may requestadditional scripts or other software aspects from the permissionsmanagement system 1204. Alternatively, the permissions plug-in 1210 mayinclude all necessary software aspects without needing to receiveadditional data from the permissions management system 1204. Inresponse, the permissions management system 1204 may provide therequested data to the permissions plug-in 1210.

In an alternative to blocks 1810, 1812, and 1814, the method may proceedwith blocks 1820, 1822, and 1824 (for example, as described in referenceto FIG. 13A above).

At block 1820, similar to block 1810, the permissions plug-ins 1210and/or 1211 are provided to the external user-facing system/application1208 and/or the user computing device 1214. For example, the permissionsplug-ins 1210 and/or 1211 may comprise a code snippet and/or othersoftware aspects that may be implemented (by, for example, a developer)in the external user-facing system/application 1208. In oneimplementation the permissions plug-in 1210 and/or 1211 comprise one ormore lines of JavaScript that, when executed by, e.g., a web browser,executes various software functions.

At block 1822, when the permissions plug-ins 1210 and/or 1211 areexecuted by, e.g., the user computing device 1214 (e.g., when executedby a web browser of the user computing device 1214), the permissionsplug-ins 1210 and/or 1211 initiates communication with the external useraccount system 1206. Advantageously, communication between thepermissions plug-ins and the external user account system 1206 may besecure (e.g., encrypted) such that the external user-facingsystem/application 1208 and the permissions management system 1204 maynot intercept or access the communication. This may be enabled by, forexample, the permissions plug-ins 1210 and/or 1211 executing on theuser's device, rather than directly on the external user-facingsystem/application 1208.

In some implementations, at block 1824, when the permissions plug-ins1210 and/or 1211 are executed, additional scripts or other softwareaspects may be requested from the external user account system 1206.Alternatively, the permissions plug-ins 1210 and/or 1211 may include allnecessary software aspects without needing to receive additional datafrom the external user account system 1206. In response, the externaluser account system 1206 may provide the requested data to thepermissions plug-ins 1210 and/or 1211.

At block 1840, the permissions plug-in may generate an interactive userinterface that may be displayed to the user, and through whichinformation may be presented and received. Examples of such userinterfaces are described below in reference to FIGS. 19A-19J, and20A-20C. Account credentials, for example, received from the user, maythen be communicated to the permissions management system 1204 (inaddition to other items of information, as described herein). In someimplementations, when the permissions plug-ins are executed, the userinterface may be redirected to a page or interface directly managed bythe external user account system 1206 (e.g., providing a direct way toprovide account credentials to the external user account system 1206).

At block 1850, the token is generated by using the received accountcredentials (and other information). Token generation is described indetail herein, including, e.g., in reference to FIGS. 16A-16B.

At block 1860, the token generated by the permissions management system1204 and/or the external user account system 1206 is communicated to theexternal user-facing system/application 1208, either directly, via thepermissions plug-in 1210, and/or via the permissions management system1204 (as described above in reference to FIG. 16A). Additionally, theinteractive user interface may be exited in this block. In someinstances the interactive user interface may be kept open with the useruntil the completion of the generation of the token, while in otherinstances it may not, depending on the implementation and theinformation needed from the user.

The various interactive user interfaces described herein may, in variousembodiments, be generated by any of the aspects of the system (e.g., thesystem 100 and/or the permissions management system 1204 (which isitself an implementation of the system 100), the permissions plug-ins1210 or 1211, the external user account system 1206, a user device,and/or the like). For example, as mentioned below, in someimplementations user interface data may be generated by an aspect (e.g.,the permissions management system 1204), and may be transmitted via oneor more other aspects to a computing device of the user (e.g., the usercomputing device 1214, such as a smartphone) where the user interfacedata may be rendered so as to display a user interface to the user.Alternatively, the interactive user interfaces may be generated by thesystem (e.g., the permissions management system 1204) and accessed bythe user on other suitable ways.

XII. Example User Interfaces of the System

FIGS. 19A-19J, and 20A-20C illustrate example interactive userinterfaces of the system, according to various embodiments, each ofwhich may support aspects of the functionality described above.

FIG. 19A illustrates an initial user interface 1910 that may bedisplayed to a user in response to the user indicating that they wouldlike to initiate a transaction and/or authorize an external user-facingsystem/application to access/execute transactions related to a useraccount. As shown, the user interface 1910 may include multiple banks(or other institutions) from which the user may select. For example, theuser may select an institution at which they have an account that theywould like to authorize access to.

Upon selection of an institution, user interface 1920 of FIG. 19B may bedisplayed to the user. Via the user interface 1920 the user may entertheir account credentials and select a “submit” button to continue.

Upon providing such account credentials, user interface 1930 of FIG. 19Cmay be displayed to the user, indicating that the credentials are beingcommunicated to the permissions management system 1204. Further, as theprocess progresses, the user interface may be updated in an animated wayto indicate such progress. For example, user interface 1940 of FIG. 19Dmay be displayed while user account information is obtained from theinstitution.

In the event that multi-factor authentication information is needed,other user interfaces such as user interfaces 1950, 1960, and 1970 ofFIGS. 19E, 19F, and 19G (or other suitable user interfaces) may bedisplayed to obtain such information and indicate progression of theprocess.

When access has been determined, user interface 1980 of FIG. 19H may bedisplayed to the user.

At this point, in certain implementations, the token may beautomatically generated and the user interface may be closed. However,in other implementations the user may further select a specific accountfrom the institution, review documents provided by the institution,and/or provide permissions information.

For example, user interface 1990 of FIG. 19I may be displayed to theuser to allow the used to review and/or provide permissions to theexternal user-facing system/application. In another example, userinterface 1991 of FIG. 19J may be displayed to the user to allow theuser to review and/or accept terms and conditions or review otherdocuments provided by the external user account system.

In yet another example, user interface 2010 of FIG. 20A may be displayedto the user, and may list each account of the user from the institution.As shown, various items of information related to the accounts may bedisplayed. The user may select a button, such as button 2020 to indicateselection of a particular account to authorize/associate with theexternal user-facing system/application. Further, as mentioned, uponselection of an account, the user may indicate particular permissionsassociated with that authorization via a similar user interface.

User interface 2030 of FIG. 20B shows an example user interface by whichthe user may de-authorize an account (as described above in reference toFIG. 14). For example, the user interface 2030 may indicate all accounts(or tokens) associated with a particular external user-facingsystem/application, and allow the user to de-authorize the externaluser-facing system/application by, for example, selection of button2040. Further, as mentioned, the user may also optionally changeparticular permissions associated with the authorized account(s) via asimilar user interface. Using button 2042, the user may de-authorize theexternal user-facing system/application from accessing data for alllisted accounts.

User interface 2050 of FIG. 20C may be displayed to the user, andsimilar to user interface 2010 of FIG. 20A, may list each account of theuser from the institution. As with user interface 2010, user interface2050 may include various items of information related to the accounts.The user may select a button, such as button 2052 to indicate selectionof a particular account to authorize/associate with the externaluser-facing system/application. For example, the user may authorize theexternal user-facing system/application to access data associated witheach account, for example, to use the data with the external user-facingsystem/application. Further, as mentioned, upon selection of an account,the user may indicate particular permissions associated with thatauthorization via a similar user interface. In another example, the usermay select button 2054 to authorize access to data from all the accountsby the external user-facing system/application.

In various implementations, the user interfaces of FIGS. 19A-19I and20A-20C may be displayed in orders different from the order shown anddescribed.

In some implementations, one or more of the user interfaces of thesystem may comprise popups that overlay other user interfaces of theexternal user-facing system/application. In other implementations, oneor more of the user interfaces of the system are integrated with userinterfaces of the external user-facing system/application such that auser may not be able to distinguish the user interfaces of the systemfrom the user interfaces of the external user-facing system/application.In yet other implementations, one or more of the user interfaces of thesystem may be generated on the user computing device.

XIII. Additional Implementation Details and Embodiments

Various embodiments of the present disclosure may be a system, a method,and/or a computer program product at any possible technical detail levelof integration. The computer program product may include a computerreadable storage medium (or mediums) having computer readable programinstructions thereon for causing a processor to carry out aspects of thepresent disclosure.

For example, the functionality described herein may be performed assoftware instructions are executed by, and/or in response to softwareinstructions being executed by, one or more hardware processors and/orany other suitable computing devices. The software instructions and/orother executable code may be read from a computer readable storagemedium (or mediums).

The computer readable storage medium can be a tangible device that canretain and store data and/or instructions for use by an instructionexecution device. The computer readable storage medium may be, forexample, but is not limited to, an electronic storage device (includingany volatile and/or non-volatile electronic storage devices), a magneticstorage device, an optical storage device, an electromagnetic storagedevice, a semiconductor storage device, or any suitable combination ofthe foregoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a solid state drive, a random accessmemory (RAM), a read-only memory (ROM), an erasable programmableread-only memory (EPROM or Flash memory), a static random access memory(SRAM), a portable compact disc read-only memory (CD-ROM), a digitalversatile disk (DVD), a memory stick, a floppy disk, a mechanicallyencoded device such as punch-cards or raised structures in a groovehaving instructions recorded thereon, and any suitable combination ofthe foregoing. A computer readable storage medium, as used herein, isnot to be construed as being transitory signals per se, such as radiowaves or other freely propagating electromagnetic waves, electromagneticwaves propagating through a waveguide or other transmission media (e.g.,light pulses passing through a fiber-optic cable), or electrical signalstransmitted through a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions (as also referred to herein as,for example, “code,” “instructions,” “module,” “application,” “softwareapplication,” and/or the like) for carrying out operations of thepresent disclosure may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, configuration data for integrated circuitry, oreither source code or object code written in any combination of one ormore programming languages, including an object oriented programminglanguage such as Smalltalk, C++, or the like, and procedural programminglanguages, such as the “C” programming language or similar programminglanguages. Computer readable program instructions may be callable fromother instructions or from itself, and/or may be invoked in response todetected events or interrupts. Computer readable program instructionsconfigured for execution on computing devices may be provided on acomputer readable storage medium, and/or as a digital download (and maybe originally stored in a compressed or installable format that requiresinstallation, decompression or decryption prior to execution) that maythen be stored on a computer readable storage medium. Such computerreadable program instructions may be stored, partially or fully, on amemory device (e.g., a computer readable storage medium) of theexecuting computing device, for execution by the computing device. Thecomputer readable program instructions may execute entirely on a user'scomputer (e.g., the executing computing device), partly on the user'scomputer, as a stand-alone software package, partly on the user'scomputer and partly on a remote computer or entirely on the remotecomputer or server. In the latter scenario, the remote computer may beconnected to the user's computer through any type of network, includinga local area network (LAN) or a wide area network (WAN), or theconnection may be made to an external computer (for example, through theInternet using an Internet Service Provider). In some embodiments,electronic circuitry including, for example, programmable logiccircuitry, field-programmable gate arrays (FPGA), or programmable logicarrays (PLA) may execute the computer readable program instructions byutilizing state information of the computer readable programinstructions to personalize the electronic circuitry, in order toperform aspects of the present disclosure.

Aspects of the present disclosure are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of thedisclosure. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart(s) and/or block diagram(s)block or blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks. For example, the instructions may initially be carried on amagnetic disk or solid state drive of a remote computer. The remotecomputer may load the instructions and/or modules into its dynamicmemory and send the instructions over a telephone, cable, or opticalline using a modem. A modem local to a server computing system mayreceive the data on the telephone/cable/optical line and use a converterdevice including the appropriate circuitry to place the data on a bus.The bus may carry the data to a memory, from which a processor mayretrieve and execute the instructions. The instructions received by thememory may optionally be stored on a storage device (e.g., a solid statedrive) either before or after execution by the computer processor.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present disclosure. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the blocks may occur out of theorder noted in the Figures. For example, two blocks shown in successionmay, in fact, be executed substantially concurrently, or the blocks maysometimes be executed in the reverse order, depending upon thefunctionality involved. In addition, certain blocks may be omitted insome implementations. The methods and processes described herein arealso not limited to any particular sequence, and the blocks or statesrelating thereto can be performed in other sequences that areappropriate.

It will also be noted that each block of the block diagrams and/orflowchart illustration, and combinations of blocks in the block diagramsand/or flowchart illustration, can be implemented by special purposehardware-based systems that perform the specified functions or acts orcarry out combinations of special purpose hardware and computerinstructions. For example, any of the processes, methods, algorithms,elements, blocks, applications, or other functionality (or portions offunctionality) described in the preceding sections may be embodied in,and/or fully or partially automated via, electronic hardware suchapplication-specific processors (e.g., application-specific integratedcircuits (ASICs)), programmable processors (e.g., field programmablegate arrays (FPGAs)), application-specific circuitry, and/or the like(any of which may also combine custom hard-wired logic, logic circuits,ASICs, FPGAs, etc. with custom programming/execution of softwareinstructions to accomplish the techniques).

Any of the above-mentioned processors, and/or devices incorporating anyof the above-mentioned processors, may be referred to herein as, forexample, “computers,” “computer devices,” “computing devices,” “hardwarecomputing devices,” “hardware processors,” “processing units,” and/orthe like. Computing devices of the above-embodiments may generally (butnot necessarily) be controlled and/or coordinated by operating systemsoftware, such as Mac OS, iOS, Android, Chrome OS, Windows OS (e.g.,Windows XP, Windows Vista, Windows 7, Windows 8, Windows 10, WindowsServer, etc.), Windows CE, Unix, Linux, SunOS, Solaris, Blackberry OS,VxWorks, or other suitable operating systems. In other embodiments, thecomputing devices may be controlled by a proprietary operating system.Conventional operating systems control and schedule computer processesfor execution, perform memory management, provide file system,networking, I/O services, and provide a user interface functionality,such as a graphical user interface (“GUI”), among other things.

As described above, in various embodiments certain functionality may beaccessible by a user through a web-based viewer (such as a web browser),or other suitable software program). In such implementations, the userinterface may be generated by a server computing system and transmittedto a web browser of the user (e.g., running on the user's computingsystem). Alternatively, data (e.g., user interface data) necessary forgenerating the user interface may be provided by the server computingsystem to the browser, where the user interface may be generated (e.g.,the user interface data may be executed by a browser accessing a webservice and may be configured to render the user interfaces based on theuser interface data). The user may then interact with the user interfacethrough the web-browser. User interfaces of certain implementations maybe accessible through one or more dedicated software applications. Incertain embodiments, one or more of the computing devices and/or systemsof the disclosure may include mobile computing devices, and userinterfaces may be accessible through such mobile computing devices (forexample, smartphones and/or tablets).

Many variations and modifications may be made to the above-describedembodiments, the elements of which are to be understood as being amongother acceptable examples. All such modifications and variations areintended to be included herein within the scope of this disclosure. Theforegoing description details certain embodiments. It will beappreciated, however, that no matter how detailed the foregoing appearsin text, the systems and methods can be practiced in many ways. As isalso stated above, it should be noted that the use of particularterminology when describing certain features or aspects of the systemsand methods should not be taken to imply that the terminology is beingre-defined herein to be restricted to including any specificcharacteristics of the features or aspects of the systems and methodswith which that terminology is associated.

Conditional language, such as, among others, “can,” “could,” “might,” or“may,” unless specifically stated otherwise, or otherwise understoodwithin the context as used, is generally intended to convey that certainembodiments include, while other embodiments do not include, certainfeatures, elements, and/or steps. Thus, such conditional language is notgenerally intended to imply that features, elements and/or steps are inany way required for one or more embodiments or that one or moreembodiments necessarily include logic for deciding, with or without userinput or prompting, whether these features, elements and/or steps areincluded or are to be performed in any particular embodiment.

The term “substantially” when used in conjunction with the term“real-time” forms a phrase that will be readily understood by a personof ordinary skill in the art. For example, it is readily understood thatsuch language will include speeds in which no or little delay or waitingis discernible, or where such delay is sufficiently short so as not tobe disruptive, irritating, or otherwise vexing to a user.

Conjunctive language such as the phrase “at least one of X, Y, and Z,”or “at least one of X, Y, or Z,” unless specifically stated otherwise,is to be understood with the context as used in general to convey thatan item, term, etc. may be either X, Y, or Z, or a combination thereof.For example, the term “or” is used in its inclusive sense (and not inits exclusive sense) so that when used, for example, to connect a listof elements, the term “or” means one, some, or all of the elements inthe list. Thus, such conjunctive language is not generally intended toimply that certain embodiments require at least one of X, at least oneof Y, and at least one of Z to each be present.

The term “a” as used herein should be given an inclusive rather thanexclusive interpretation. For example, unless specifically noted, theterm “a” should not be understood to mean “exactly one” or “one and onlyone”; instead, the term “a” means “one or more” or “at least one,”whether used in the claims or elsewhere in the specification andregardless of uses of quantifiers such as “at least one,” “one or more,”or “a plurality” elsewhere in the claims or specification.

The term “comprising” as used herein should be given an inclusive ratherthan exclusive interpretation. For example, a general purpose computercomprising one or more processors should not be interpreted as excludingother computer components, and may possibly include such components asmemory, input/output devices, and/or network interfaces, among others.

While the above detailed description has shown, described, and pointedout novel features as applied to various embodiments, it may beunderstood that various omissions, substitutions, and changes in theform and details of the devices or processes illustrated may be madewithout departing from the spirit of the disclosure. As may berecognized, certain embodiments of the inventions described herein maybe embodied within a form that does not provide all of the features andbenefits set forth herein, as some features may be used or practicedseparately from others. The scope of certain inventions disclosed hereinis indicated by the appended claims rather than by the foregoingdescription. All changes which come within the meaning and range ofequivalency of the claims are to be embraced within their scope.

What is claimed is:
 1. A computer-implemented method of facilitatingtransactions while minimizing sharing of sensitive account information,the computer-implemented method comprising: determining a plurality ofcomputing devices including at least: a first computing device; a secondcomputing device associated with an external application; a thirdcomputing device associated with an institution; and a fourth computingdevice, wherein: the first computing device is in two-way communicationwith all of the second, third, and fourth computing devices, and thefourth computing device is in two-way communication with all of thefirst, third, and fourth computing devices; by the first computingdevice executing program instructions: receiving, from the secondcomputing device, an authorization request including an indication of auser account; retrieving, from the third computing device associatedwith the institution, information associated with the user account heldby the institution; and providing, to the fourth computing device, atleast a portion of the information associated with the user account; andby the fourth computing device executing program instructions:receiving, from the first computing device, the information associatedwith the user account, wherein the information includes at least:account information associated with the user account that is associatedwith the institution, and an identifier associated with an externalapplication; generating at least: an electronic record of theinformation, and a token associated with the electronic record; causingat least one of a unique identifier associated with the token or thetoken to be provided to the second computing device; receiving, from thesecond computing device, at least: the at least one of the uniqueidentifier associated with the token or the token, and a request tocause a transaction related to the user account to be executed;verifying, based at least in part on the at least one of the uniqueidentifier associated with the token or the token, authorization of thesecond computing device to cause the transaction to be executed;initiating the transaction via communication with the third computingdevice or another institution or transaction processor; receiving arequest to deauthorize the second computing device from causingexecution of transactions related to the user account; and in responseto the request to deauthorize the second computing device, revoking theat least one of the unique identifier associated with the token or thetoken, whereby the second computing device is enabled to causetransactions related to the user account to be executed without sharingaccount information with the second computing device, and wherebydeauthorization of the second computing device from causing transactionsto be executed is efficiently enabled by revocation of the at least oneof the unique identifier associated with the token or the token.
 2. Thecomputer-implemented method of claim 1, wherein the at least one of theunique identifier associated with the token or the token is provided tothe second computing device via the first computing device.
 3. Thecomputer-implemented method of claim 1, wherein the at least one of theunique identifier associated with the token or the token is provided tothe second computing device directly.
 4. The computer-implemented methodof claim 1 further comprising: by the first computing device: providing,to the fourth computing device, one or more permissions along with theinformation associated with the user account; and by the fourthcomputing device: in response to receiving the request to cause thetransaction related to the user account to be executed, determining,based on the one or more permissions, an authorization of the externalapplication to cause the transaction related to the user account to beexecuted.
 5. The computer-implemented method of claim 4 furthercomprising: by the fourth computing device: providing an indication tothe second computing device whether or not there is an authorization ofthe external application to cause the transaction related to the useraccount to be executed.
 6. The computer-implemented method of claim 1,wherein the information associated with the user account furtherincludes at least one of: an indication of the external application, oran indication of the institution.
 7. The computer-implemented method ofclaim 1 further comprising: by the fourth computing device: providing anindication to the second computing device whether or not execution ofthe transaction is successful.
 8. The computer-implemented method ofclaim 1, wherein the account information associated with a user accountincludes at least one of: an account number, or a routing number.
 9. Thecomputer-implemented method of claim 1, wherein the generating isperformed in response to a request received from a computing deviceassociated with the external application.
 10. The computer-implementedmethod of claim 1, wherein the method does not include directcommunications between the second and third computing devices.
 11. Asystem configured to facilitate transactions while minimizing sharing ofsensitive account information, the system comprising: a plurality ofcomputing devices including at least: a first computing device; a secondcomputing device associated with an external application; a thirdcomputing device associated with an institution; and a fourth computingdevice, wherein: the first computing device is in two-way communicationwith all of the second, third, and fourth computing devices, the fourthcomputing device is in two-way communication with all of the first,third, and fourth computing devices, the first computing device isconfigured to execute program instructions to cause the first computingdevice to: receive, from the second computing device, an authorizationrequest including an indication of a user account; retrieve, from thethird computing device associated with the institution, informationassociated with the user account held by the institution; and provide,to the fourth computing device, at least a portion of the informationassociated with the user account, and the fourth computing device isconfigured to execute program instructions to cause the fourth computingdevice to: receive, from the first computing device, the informationassociated with the user account, wherein the information includes atleast: account information associated with the user account that isassociated with the institution, and an identifier associated with anexternal application; generating at least: an electronic record of theinformation, and a token associated with the electronic record; cause atleast one of a unique identifier associated with the token or the tokento be provided to the second computing device; receive, from the secondcomputing device, at least: the at least one of the unique identifierassociated with the token or the token, and a request to cause atransaction related to the user account to be executed; verify, based atleast in part on the at least one of the unique identifier associatedwith the token or the token, authorization of the second computingdevice to cause the transaction to be executed; initiate the transactionvia communication with the third computing device or another institutionor transaction processor; receive a request to deauthorize the secondcomputing device from causing execution of transactions related to theuser account; and in response to the request to deauthorize the secondcomputing device, revoke the at least one of the unique identifierassociated with the token or the token, whereby the second computingdevice is enabled to cause transactions related to the user account tobe executed without sharing account information with the secondcomputing device, and whereby deauthorization of the second computingdevice from causing transactions to be executed is efficiently enabledby revocation of the at least one of the unique identifier associatedwith the token or the token.
 12. The system of claim 11, wherein the atleast one of the unique identifier associated with the token or thetoken is provided to the second computing device via the first computingdevice.
 13. The system of claim 11, wherein the at least one of theunique identifier associated with the token or the token is provided tothe second computing device directly.
 14. The system of claim 11,wherein: the first computing device is further configured to executeprogram instructions to cause the first computing device to: provide, tothe fourth computing device, one or more permissions along with theinformation associated with the user account, and the fourth computingdevice is further configured to execute program instructions to causethe fourth computing device to: in response to receiving the request tocause the transaction related to the user account to be executed,determine, based on the one or more permissions, an authorization of theexternal application to cause the transaction related to the useraccount to be executed.
 15. The system of claim 14, wherein: the fourthcomputing device is further configured to execute program instructionsto cause the fourth computing device to: provide an indication to thesecond computing device whether or not there is an authorization of theexternal application to cause the transaction related to the useraccount to be executed.
 16. The system of claim 11, wherein theinformation associated with the user account further includes at leastone of: an indication of the external application, or an indication ofthe institution.
 17. The system of claim 11, wherein: the fourthcomputing device is further configured to execute program instructionsto cause the fourth computing device to: provide an indication to thesecond computing device whether or not execution of the transaction issuccessful.
 18. The system of claim 11, wherein the account informationassociated with a user account includes at least one of: an accountnumber, or a routing number.
 19. The system of claim 11, wherein thegenerating is performed in response to a request received from acomputing device associated with the external application.
 20. Thesystem of claim 11, wherein the method does not include directcommunications between the second and third computing devices.
 21. Acomputer program product for facilitating transactions while minimizingsharing of sensitive account information, the computer program productcomprising one or more non-transitory computer readable storage mediumshaving program instructions embodied therewith, the program instructionsexecutable by one or more computing devices to: determine a plurality ofcomputing devices including at least: a first computing device; a secondcomputing device associated with an external application; a thirdcomputing device associated with an institution; and a fourth computingdevice, wherein: the first computing device is in two-way communicationwith all of the second, third, and fourth computing devices, and thefourth computing device is in two-way communication with all of thefirst, third, and fourth computing devices; by the first computingdevice executing program instructions: receive, from the secondcomputing device, an authorization request including an indication of auser account; retrieve, from the third computing device associated withthe institution, information associated with the user account held bythe institution; and provide, to the fourth computing device, at least aportion of the information associated with the user account; and by thefourth computing device executing program instructions : receive, fromthe first computing device, the information associated with the useraccount, wherein the information includes at least: account informationassociated with the user account that is associated with theinstitution, and an identifier associated with an external application;generating at least: an electronic record of the information, and atoken associated with the electronic record; cause at least one of aunique identifier associated with the token or the token to be providedto the second computing device; receive, from the second computingdevice, at least: the at least one of the unique identifier associatedwith the token or the token, and a request to cause a transactionrelated to the user account to be executed; verify, based at least inpart on the at least one of the unique identifier associated with thetoken or the token, authorization of the second computing device tocause the transaction to be executed; initiate the transaction viacommunication with the third computing device or another institution ortransaction processor; receive a request to deauthorize the secondcomputing device from causing execution of transactions related to theuser account; and in response to the request to deauthorize the secondcomputing device, revoke the at least one of the unique identifierassociated with the token or the token, whereby the second computingdevice is enabled to cause transactions related to the user account tobe executed without sharing account information with the secondcomputing device, and whereby deauthorization of the second computingdevice from causing transactions to be executed is efficiently enabledby revocation of the at least one of the unique identifier associatedwith the token or the token.
 22. The computer program product of claim21, wherein the at least one of the unique identifier associated withthe token or the token is provided to the second computing device viathe first computing device.
 23. The computer program product of claim21, wherein the at least one of the unique identifier associated withthe token or the token is provided to the second computing devicedirectly.
 24. The computer program product of claim 21, wherein theprogram instructions are executable by one or more computing devices tofurther: by the first computing device: provide, to the fourth computingdevice, one or more permissions along with the information associatedwith the user account; and by fourth computing device: in response toreceiving the request to cause the transaction related to the useraccount to be executed, determine, based on the one or more permissions,an authorization of the external application to cause the transactionrelated to the user account to be executed.
 25. The computer programproduct of claim 24, wherein the program instructions are executable byone or more computing devices to further: by the fourth computingdevice: provide an indication to the second computing device whether ornot there is an authorization of the external application to cause thetransaction related to the user account to be executed.
 26. The computerprogram product of claim 21, wherein the information associated with theuser account further includes at least one of: an indication of theexternal application, or an indication of the institution.
 27. Thecomputer program product of claim 21, wherein the program instructionsare executable by one or more computing devices to further: by thefourth computing device: provide an indication to the second computingdevice whether or not execution of the transaction is successful. 28.The computer program product of claim 21, wherein the accountinformation associated with a user account includes at least one of: anaccount number, or a routing number.
 29. The computer program product ofclaim 21, wherein the generating is performed in response to a requestreceived from a computing device associated with the externalapplication.
 30. The computer program product of claim 21, wherein themethod does not include direct communications between the second andthird computing devices.